def wait_loop(self):
while 1:
recv_data, address = self.socket.recvfrom(2048)
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
#
# After some more packet inspection, it seems the format goes something like this:
# - All server messages seem to always start with \xfe\xfd.
# - The first byte from the client (or third byte from the server) is a command.
# - Bytes 2 - 5 from the client is some kind of ID. This will have to be inspected later. I believe it's a
# session-like ID because the number changes between connections. Copying the client's ID might be enough.
#
# The above was as guessed.
# The code in Tetris DS (overlay 10) @ 0216E974 handles the network command creation.
# R1 contains the command to be sent to the server.
# R2 contains a pointer to some unknown integer that gets written after the command.
#
# - Commands
# Commands range from 0x00 to 0x09 (for client only at least?) (Tetris DS overlay 10 @ 0216DDCC)
#
# CLIENT:
# 0x01 - Response (Tetris DS overlay 10 @ 216DCA4)
# Sends back base64 of RC4 encrypted string that was gotten from the server's 0x01.
#
# 0x03 - Send client state? (Tetris DS overlay 10 @ 216DA30)
# Data sent:
# 1) Loop for each localip available on the system, write as localip%d\x00(local ip)
# 2) localport\x00(local port)
# 3) natneg (either 0 or 1)
# 4) ONLY IF STATE CHANGED: statechanged\x00(state) (Possible values: 0, 1, 2, 3)
# 5) gamename\x00(game name)
# 6) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicip\x00(public ip)
# 7) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicport\x00(public port)
#
# if statechanged != 2:
# Write various other data described here: http://docs.poweredbygamespy.com/wiki/Query_and_Reporting_Implementation
#
# 0x07 - Unknown, related to server's 0x06 (returns value sent from server)
#
# 0x08 - Keep alive? Sent after 0x03
#
# 0x09 - Availability check
#
# SERVER:
# 0x01 - Unknown
# Data sent:
# 8 random ASCII characters (?) followed by the public IP and port of the client as a hex string
#
# 0x06 - Unknown
# First 4 bytes is some kind of id? I believe it's a unique identifier for the data being sent,
# seeing how the server can send the same IP information many times in a row. If the IP information has
# already been parsed then it doesn't waste time handling it.
#
# After that is a "SBCM" section which is 0x14 bytes in total.
# SBCM information gets parsed at 2141A0C in Tetris DS overlay 10.
# Seems to contain IP address information.
#
# The SBCM seems to contain a little information that must be parsed before.
# After the SBCM:
# \x03\x00\x00\x00 - Always the same?
# \x01 - Found player?
# \x04 - Unknown
# (2 bytes) - Unknown. Port?
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
# \x00\x00\x00\x00 - Unknown but seems to get checked
#
# Another SBCM, after a player has been found and attempting to start a game:
# \x03\x00\x00\x00 - Always the same?
# \x05 - Connecting to player?
# \x00 - Unknown
# (2 bytes) - Unknown. Port? Same as before.
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
#
# 0x0a - Response to 0x01
# Gets sent after receiving 0x01 from the client. So, server 0x01 -> client 0x01 -> server 0x0a.
# Has no other data besides the client ID.
#
# - \xfd\xfc commands get passed directly between the other player(s)?
#
#
# Open source version of GameSpy found here: https://github.com/sfcspanky/Openspy-Core/tree/master/qr
# Use as reference.
session_id = struct.unpack("<I", recv_data[1:5])[0]
session_id_raw = recv_data[1:5]
if session_id not in self.sessions:
# Found a new session, add to session list
self.sessions[session_id] = self.Session(address)
# Handle commands
if recv_data[0] == '\x00': # Query
self.log(logging.DEBUG, address, "NOT IMPLEMENTED! Received query from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x01': # Challenge
self.log(logging.DEBUG, address, "Received challenge from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
# Prepare the challenge sent from the server to be compared
challenge = gs_utils.prepare_rc4_base64(self.sessions[session_id].secretkey, self.sessions[session_id].challenge)
# Compare challenge
client_challenge = recv_data[5:-1]
if client_challenge == challenge:
# Challenge succeeded
self.sessions[session_id].sent_challenge = True
# Handle successful challenge stuff here
packet = bytearray([0xfe, 0xfd, 0x0a]) # Send client registered command
packet.extend(session_id_raw) # Get the session ID
self.socket.sendto(packet, address)
self.log(logging.DEBUG, address, "Sent client registered to %s:%s..." % (address[0], address[1]))
elif recv_data[0] == '\x02': # Echo
self.log(logging.DEBUG, address, "NOT IMPLEMENTED! Received echo from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x03': # Heartbeat
data = recv_data[5:]
self.log(logging.DEBUG, address, "Received heartbeat from %s:%s... %s" % (address[0], address[1], data))
# Parse information from heartbeat here
d = data.rstrip('\0').split('\0')
# It may be safe to ignore "unknown" keys because the proper key names get filled in later...
k = {}
for i in range(0, len(d), 2):
self.log(logging.DEBUG, address, "%s = %s" % (d[i], d[i+1]))
k[d[i]] = d[i+1]
if "gamename" in k:
self.sessions[session_id].secretkey = self.secret_key_list[k['gamename']]
#print "Got secret key %s for %s" % (self.sessions[session_id].secretkey, k['gamename'])
if self.sessions[session_id].playerid == 0 and "dwc_pid" in k:
# Get the player's id and then query the profile to figure out what console they are on.
# The endianness of some server data depends on the endianness of the console, so we must be able
# to account for that.
self.sessions[session_id].playerid = int(k['dwc_pid'])
profile = self.db.get_profile_from_profileid(self.sessions[session_id].playerid)
if "console" in profile:
self.sessions[session_id].console = profile['console']
if self.sessions[session_id].sent_challenge == False:
addr_hex = ''.join(["%02X" % int(x) for x in address[0].split('.')])
port_hex = "%04X" % int(address[1])
server_challenge = utils.generate_random_str(8) + addr_hex + port_hex
self.sessions[session_id].challenge = server_challenge
packet = bytearray([0xfe, 0xfd, 0x01]) # Send challenge command
packet.extend(session_id_raw) # Get the session ID
packet.extend(server_challenge)
packet.extend('\x00')
self.socket.sendto(packet, address)
self.log(logging.DEBUG, address, "Sent challenge to %s:%s..." % (address[0], address[1]))
if "statechanged" in k:
if k['statechanged'] == "1": # Create server
if k['publicport'] != "0" and k['publicip'] != "0" and k['maxplayers'] != "0":
# dwc_mtype controls what kind of server query we're looking for.
# dwc_mtype = 0 is used when looking for a matchmaking game.
# dwc_mtype = 1 is unknown.
# dwc_mtype = 2 is used when hosting a friends only game (possibly other uses too).
# dwc_mtype = 3 is used when looking for a friends only game (possibly other uses too).
# Some memory could be saved by clearing out any unwanted fields from k before sending.
self.server_manager.update_server_list(k['gamename'] , session_id, k, self.sessions[session_id].console)
elif k['statechanged'] == "2": # Close server
self.server_manager.delete_server(k['gamename'] , session_id)
#self.sessions.pop(session_id)
elif recv_data[0] == '\x04': # Add Error
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received add error from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x05': # Echo Response
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received echo response from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x06': # Client Message
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received echo from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x07': # Client Message Ack
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received client message ack from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x08': # Keep Alive
self.log(logging.DEBUG, address, "Received keep alive from %s:%s..." % (address[0], address[1]))
elif recv_data[0] == '\x09': # Available
# Availability check only sent to *.available.gs.nintendowifi.net
self.log(logging.DEBUG, address, "Received availability request for '%s' from %s:%s..." % (recv_data[5: -1], address[0], address[1]))
self.socket.sendto(bytearray([0xfe, 0xfd, 0x09, 0x00, 0x00, 0x00, 0x00]), address)
elif recv_data[0] == '\x0a': # Client Registered
# Only sent to client, never received?
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received client registered from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
else:
self.log(logging.ERROR, address, "Unknown request from %s:%s:" % (address[0], address[1]))
self.log(logging.DEBUG, address, utils.pretty_print_hex(recv_data))
def handle_packet(self, socket, recv_data, address):
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
#
# After some more packet inspection, it seems the format goes something like this:
# - All server messages seem to always start with \xfe\xfd.
# - The first byte from the client (or third byte from the server) is a command.
# - Bytes 2 - 5 from the client is some kind of ID. This will have to be inspected later. I believe it's a
# session-like ID because the number changes between connections. Copying the client's ID might be enough.
#
# The above was as guessed.
# The code in Tetris DS (overlay 10) @ 0216E974 handles the network command creation.
# R1 contains the command to be sent to the server.
# R2 contains a pointer to some unknown integer that gets written after the command.
#
# - Commands
# Commands range from 0x00 to 0x09 (for client only at least?) (Tetris DS overlay 10 @ 0216DDCC)
#
# CLIENT:
# 0x01 - Response (Tetris DS overlay 10 @ 216DCA4)
# Sends back base64 of RC4 encrypted string that was gotten from the server's 0x01.
#
# 0x03 - Send client state? (Tetris DS overlay 10 @ 216DA30)
# Data sent:
# 1) Loop for each localip available on the system, write as localip%d\x00(local ip)
# 2) localport\x00(local port)
# 3) natneg (either 0 or 1)
# 4) ONLY IF STATE CHANGED: statechanged\x00(state) (Possible values: 0, 1, 2, 3)
# 5) gamename\x00(game name)
# 6) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicip\x00(public ip)
# 7) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicport\x00(public port)
#
# if statechanged != 2:
# Write various other data described here: http://docs.poweredbygamespy.com/wiki/Query_and_Reporting_Implementation
#
# 0x07 - Unknown, related to server's 0x06 (returns value sent from server)
#
# 0x08 - Keep alive? Sent after 0x03
#
# 0x09 - Availability check
#
# SERVER:
# 0x01 - Unknown
# Data sent:
# 8 random ASCII characters (?) followed by the public IP and port of the client as a hex string
#
# 0x06 - Unknown
# First 4 bytes is some kind of id? I believe it's a unique identifier for the data being sent,
# seeing how the server can send the same IP information many times in a row. If the IP information has
# already been parsed then it doesn't waste time handling it.
#
# After that is a "SBCM" section which is 0x14 bytes in total.
# SBCM information gets parsed at 2141A0C in Tetris DS overlay 10.
# Seems to contain IP address information.
#
# The SBCM seems to contain a little information that must be parsed before.
# After the SBCM:
# \x03\x00\x00\x00 - Always the same?
# \x01 - Found player?
# \x04 - Unknown
# (2 bytes) - Unknown. Port?
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
# \x00\x00\x00\x00 - Unknown but seems to get checked
#
# Another SBCM, after a player has been found and attempting to start a game:
# \x03\x00\x00\x00 - Always the same?
# \x05 - Connecting to player?
# \x00 - Unknown
# (2 bytes) - Unknown. Port? Same as before.
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
#
# 0x0a - Response to 0x01
# Gets sent after receiving 0x01 from the client. So, server 0x01 -> client 0x01 -> server 0x0a.
# Has no other data besides the client ID.
#
# - \xfd\xfc commands get passed directly between the other player(s)?
#
#
# Open source version of GameSpy found here: https://github.com/sfcspanky/Openspy-Core/tree/master/qr
# Use as reference.
session_id = None
if recv_data[0] != '\x09':
# Don't add a session if the client is trying to check if the game is available or not
session_id = struct.unpack("<I", recv_data[1:5])[0]
session_id_raw = recv_data[1:5]
if session_id not in self.sessions:
# Found a new session, add to session list
self.sessions[session_id] = self.Session(address)
self.sessions[session_id].session = session_id
self.sessions[session_id].keepalive = int(time.time())
self.sessions[session_id].disconnected = False
if session_id in self.sessions and self.sessions[session_id].disconnected == True:
return
if session_id in self.sessions:
self.sessions[session_id].keepalive = int(time.time()) # Make sure the server doesn't get removed
# Handle commands
if recv_data[0] == '\x00': # Query
self.log(logging.DEBUG, address, session_id, "NOT IMPLEMENTED! Received query from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x01': # Challenge
self.log(logging.DEBUG, address, session_id, "Received challenge from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
# Prepare the challenge sent from the server to be compared
challenge = gs_utils.prepare_rc4_base64(self.sessions[session_id].secretkey, self.sessions[session_id].challenge)
# Compare challenge
client_challenge = recv_data[5:-1]
if client_challenge == challenge:
# Challenge succeeded
# Send message back to client saying it was accepted
packet = bytearray([0xfe, 0xfd, 0x0a]) # Send client registered command
packet.extend(session_id_raw) # Get the session ID
self.write_queue.put((packet, address))
self.log(logging.DEBUG, address, session_id, "Sent client registered to %s:%s..." % (address[0], address[1]))
if self.sessions[session_id].heartbeat_data != None:
self.update_server_list(session_id, self.sessions[session_id].heartbeat_data)
else:
# Failed the challenge, request another during the next heartbeat
self.sessions[session_id].sent_challenge = False
self.server_manager.delete_server(self.sessions[session_id].gamename, session_id)
elif recv_data[0] == '\x02': # Echo
self.log(logging.DEBUG, address, session_id, "NOT IMPLEMENTED! Received echo from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x03': # Heartbeat
data = recv_data[5:]
self.log(logging.DEBUG, address, session_id, "Received heartbeat from %s:%s... %s" % (address[0], address[1], data))
# Parse information from heartbeat here
d = data.rstrip('\0').split('\0')
# It may be safe to ignore "unknown" keys because the proper key names get filled in later...
k = {}
for i in range(0, len(d), 2):
#self.log(logging.DEBUG, address, session_id, "%s = %s" % (d[i], d[i+1]))
k[d[i]] = d[i+1]
if self.sessions[session_id].ingamesn != None:
if "gamename" in k and "dwc_pid" in k:
try:
profile = self.db.get_profile_from_profileid(k['dwc_pid'])
naslogin = self.db.get_nas_login_from_userid(profile['userid'])
self.sessions[session_id].ingamesn = str(naslogin['ingamesn']) # convert to string from unicode(which is just a base64 string anyway)
except Exception,e:
pass # If the game doesn't have, don't worry about it.
if self.sessions[session_id].ingamesn != None and "ingamesn" not in k:
k['ingamesn'] = self.sessions[session_id].ingamesn
if "gamename" in k:
if k['gamename'] in self.secret_key_list:
self.sessions[session_id].secretkey = self.secret_key_list[k['gamename']]
else:
self.log(logging.INFO, address, session_id, "Connection from unknown game '%s'!" % k['gamename'])
if self.sessions[session_id].playerid == 0 and "dwc_pid" in k:
# Get the player's id and then query the profile to figure out what console they are on.
# The endianness of some server data depends on the endianness of the console, so we must be able
# to account for that.
self.sessions[session_id].playerid = int(k['dwc_pid'])
# Try to detect console without hitting the database first
found_console = False
if 'gamename' in k:
self.sessions[session_id].console = 0
if k['gamename'].endswith('ds') or k['gamename'].endswith('dsam') or k['gamename'].endswith('dsi') or k['gamename'].endswith('dsiam'):
self.sessions[session_id].console = 0
found_console = True
elif k['gamename'].endswith('wii') or k['gamename'].endswith('wiiam') or k['gamename'].endswith('wiiware') or k['gamename'].endswith('wiiwaream'):
self.sessions[session_id].console = 1
found_console = True
if found_console == False:
# Couldn't detect game, try to get it from the database
# Try a 3 times before giving up
for i in range(0, 3):
try:
profile = self.db.get_profile_from_profileid(self.sessions[session_id].playerid)
if "console" in profile:
self.sessions[session_id].console = profile['console']
break
except:
time.sleep(0.5)
if 'publicip' in k and k['publicip'] == "0": #and k['dwc_hoststate'] == "2": # When dwc_hoststate == 2 then it doesn't send an IP, so calculate it ourselves
be = self.sessions[session_id].console != 0
k['publicip'] = str(utils.get_ip(bytearray([int(x) for x in address[0].split('.')]), 0, be))
if 'publicport' in k and 'localport' in k and k['publicport'] != k['localport']:
self.log(logging.DEBUG, address, session_id, "publicport %s doesn't match localport %s, so changing publicport to %s..." \
% (k['publicport'], k['localport'], str(address[1])))
k['publicport'] = str(address[1])
if self.sessions[session_id].sent_challenge == True:
self.update_server_list(session_id, k)
else:
addr_hex = ''.join(["%02X" % int(x) for x in address[0].split('.')])
port_hex = "%04X" % int(address[1])
server_challenge = utils.generate_random_str(6) + '00' + addr_hex + port_hex
self.sessions[session_id].challenge = server_challenge
packet = bytearray([0xfe, 0xfd, 0x01]) # Send challenge command
packet.extend(session_id_raw) # Get the session ID
packet.extend(server_challenge)
packet.extend('\x00')
self.write_queue.put((packet, address))
self.log(logging.DEBUG, address, session_id, "Sent challenge to %s:%s..." % (address[0], address[1]))
self.sessions[session_id].sent_challenge = True
self.sessions[session_id].heartbeat_data = k
def wait_loop(self):
while 1:
recv_data, address = self.socket.recvfrom(2048)
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
#
# After some more packet inspection, it seems the format goes something like this:
# - All server messages seem to always start with \xfe\xfd.
# - The first byte from the client (or third byte from the server) is a command.
# - Bytes 2 - 5 from the client is some kind of ID. This will have to be inspected later. I believe it's a
# session-like ID because the number changes between connections. Copying the client's ID might be enough.
#
# The above was as guessed.
# The code in Tetris DS (overlay 10) @ 0216E974 handles the network command creation.
# R1 contains the command to be sent to the server.
# R2 contains a pointer to some unknown integer that gets written after the command.
#
# - Commands
# Commands range from 0x00 to 0x09 (for client only at least?) (Tetris DS overlay 10 @ 0216DDCC)
#
# CLIENT:
# 0x01 - Response (Tetris DS overlay 10 @ 216DCA4)
# Sends back base64 of RC4 encrypted string that was gotten from the server's 0x01.
#
# 0x03 - Send client state? (Tetris DS overlay 10 @ 216DA30)
# Data sent:
# 1) Loop for each localip available on the system, write as localip%d\x00(local ip)
# 2) localport\x00(local port)
# 3) natneg (either 0 or 1)
# 4) ONLY IF STATE CHANGED: statechanged\x00(state) (Possible values: 0, 1, 2, 3)
# 5) gamename\x00(game name)
# 6) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicip\x00(public ip)
# 7) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicport\x00(public port)
#
# if statechanged != 2:
# Write various other data described here: http://docs.poweredbygamespy.com/wiki/Query_and_Reporting_Implementation
#
# 0x07 - Unknown, related to server's 0x06 (returns value sent from server)
#
# 0x08 - Keep alive? Sent after 0x03
#
# 0x09 - Availability check
#
# SERVER:
# 0x01 - Unknown
# Data sent:
# 8 random ASCII characters (?) followed by the public IP and port of the client as a hex string
#
# 0x06 - Unknown
# First 4 bytes is some kind of id? I believe it's a unique identifier for the data being sent,
# seeing how the server can send the same IP information many times in a row. If the IP information has
# already been parsed then it doesn't waste time handling it.
#
# After that is a "SBCM" section which is 0x14 bytes in total.
# SBCM information gets parsed at 2141A0C in Tetris DS overlay 10.
# Seems to contain IP address information.
#
# The SBCM seems to contain a little information that must be parsed before.
# After the SBCM:
# \x03\x00\x00\x00 - Always the same?
# \x01 - Found player?
# \x04 - Unknown
# (2 bytes) - Unknown. Port?
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
# \x00\x00\x00\x00 - Unknown but seems to get checked
#
# Another SBCM, after a player has been found and attempting to start a game:
# \x03\x00\x00\x00 - Always the same?
# \x05 - Connecting to player?
# \x00 - Unknown
# (2 bytes) - Unknown. Port? Same as before.
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
#
# 0x0a - Response to 0x01
# Gets sent after receiving 0x01 from the client. So, server 0x01 -> client 0x01 -> server 0x0a.
# Has no other data besides the client ID.
#
# - \xfd\xfc commands get passed directly between the other player(s)?
#
#
# Open source version of GameSpy found here: https://github.com/sfcspanky/Openspy-Core/tree/master/qr
# Use as reference.
if recv_data[0] != '\x09':
# Don't add a session if the client is trying to check if the game is available or not
session_id = struct.unpack("<I", recv_data[1:5])[0]
session_id_raw = recv_data[1:5]
if session_id not in self.sessions:
# Found a new session, add to session list
self.sessions[session_id] = self.Session(address)
self.sessions[session_id].session = session_id
self.sessions[session_id].keepalive = int(time.time())
# Handle commands
if recv_data[0] == '\x00': # Query
self.log(logging.DEBUG, address, "NOT IMPLEMENTED! Received query from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x01': # Challenge
self.log(logging.DEBUG, address, "Received challenge from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
# Prepare the challenge sent from the server to be compared
challenge = gs_utils.prepare_rc4_base64(self.sessions[session_id].secretkey, self.sessions[session_id].challenge)
# Compare challenge
client_challenge = recv_data[5:-1]
if client_challenge == challenge:
# Challenge succeeded
# Send message back to client saying it was accepted
packet = bytearray([0xfe, 0xfd, 0x0a]) # Send client registered command
packet.extend(session_id_raw) # Get the session ID
self.socket.sendto(packet, address)
self.log(logging.DEBUG, address, "Sent client registered to %s:%s..." % (address[0], address[1]))
else:
# Failed the challenge, request another during the next heartbeat
self.sessions[session_id].sent_challenge = False
elif recv_data[0] == '\x02': # Echo
self.log(logging.DEBUG, address, "NOT IMPLEMENTED! Received echo from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x03': # Heartbeat
data = recv_data[5:]
self.log(logging.DEBUG, address, "Received heartbeat from %s:%s... %s" % (address[0], address[1], data))
# Parse information from heartbeat here
d = data.rstrip('\0').split('\0')
# It may be safe to ignore "unknown" keys because the proper key names get filled in later...
k = {}
for i in range(0, len(d), 2):
#self.log(logging.DEBUG, address, "%s = %s" % (d[i], d[i+1]))
k[d[i]] = d[i+1]
if "gamename" in k:
self.sessions[session_id].secretkey = self.secret_key_list[k['gamename']]
#print "Got secret key %s for %s" % (self.sessions[session_id].secretkey, k['gamename'])
if self.sessions[session_id].playerid == 0 and "dwc_pid" in k:
# Get the player's id and then query the profile to figure out what console they are on.
# The endianness of some server data depends on the endianness of the console, so we must be able
# to account for that.
self.sessions[session_id].playerid = int(k['dwc_pid'])
profile = self.db.get_profile_from_profileid(self.sessions[session_id].playerid)
if "console" in profile:
self.sessions[session_id].console = profile['console']
if self.sessions[session_id].sent_challenge == False:
addr_hex = ''.join(["%02X" % int(x) for x in address[0].split('.')])
port_hex = "%04X" % int(address[1])
server_challenge = utils.generate_random_str(8) + addr_hex + port_hex
self.sessions[session_id].challenge = server_challenge
packet = bytearray([0xfe, 0xfd, 0x01]) # Send challenge command
packet.extend(session_id_raw) # Get the session ID
packet.extend(server_challenge)
packet.extend('\x00')
self.socket.sendto(packet, address)
self.log(logging.DEBUG, address, "Sent challenge to %s:%s..." % (address[0], address[1]))
self.sessions[session_id].sent_challenge = True
if 'publicip' in k and k['publicip'] == "0": #and k['dwc_hoststate'] == "2": # When dwc_hoststate == 2 then it doesn't send an IP, so calculate it ourselves
if self.sessions[session_id].console != 0:
k['publicip'] = str(ctypes.c_int32(utils.get_int_be(bytearray([int(x) for x in address[0].split('.')]), 0)).value) # Wii
else:
k['publicip'] = str(ctypes.c_int32(utils.get_int(bytearray([int(x) for x in address[0].split('.')]), 0)).value) # DS
if "statechanged" in k:
if k['statechanged'] == "1": # Create server
#if k['publicport'] != "0" and k['publicip'] != "0":
# dwc_mtype controls what kind of server query we're looking for.
# dwc_mtype = 0 is used when looking for a matchmaking game.
# dwc_mtype = 1 is unknown.
# dwc_mtype = 2 is used when hosting a friends only game (possibly other uses too).
# dwc_mtype = 3 is used when looking for a friends only game (possibly other uses too).
# Some memory could be saved by clearing out any unwanted fields from k before sending.
self.server_manager.update_server_list(k['gamename'], session_id, k, self.sessions[session_id].console)._getvalue()
if session_id in self.sessions:
self.sessions[session_id].gamename = k['gamename']
elif k['statechanged'] == "2": # Close server
self.server_manager.delete_server(k['gamename'] , session_id)
if session_id in self.sessions:
self.sessions.pop(session_id)
elif recv_data[0] == '\x04': # Add Error
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received add error from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x05': # Echo Response
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received echo response from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x06': # Client Message
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received echo from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x07': # Client Message Ack
#self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received client message ack from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
self.log(logging.DEBUG, address, "Received client message ack from %s:%s..." % (address[0], address[1]))
elif recv_data[0] == '\x08': # Keep Alive
self.log(logging.DEBUG, address, "Received keep alive from %s:%s..." % (address[0], address[1]))
self.sessions[session_id].keepalive = int(time.time())
elif recv_data[0] == '\x09': # Available
# Availability check only sent to *.available.gs.nintendowifi.net
self.log(logging.DEBUG, address, "Received availability request for '%s' from %s:%s..." % (recv_data[5: -1], address[0], address[1]))
self.socket.sendto(bytearray([0xfe, 0xfd, 0x09, 0x00, 0x00, 0x00, 0x00]), address)
elif recv_data[0] == '\x0a': # Client Registered
# Only sent to client, never received?
self.log(logging.WARNING, address, "NOT IMPLEMENTED! Received client registered from %s:%s... %s" % (address[0], address[1], recv_data[5:]))
else:
self.log(logging.ERROR, address, "Unknown request from %s:%s:" % (address[0], address[1]))
self.log(logging.DEBUG, address, utils.pretty_print_hex(recv_data))
def handle_packet(self, socket, recv_data, address):
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
# Tetris DS overlay 10 @ 02144184 - Handle responses back to server
#
# After some more packet inspection, it seems the format goes something like this:
# - All server messages seem to always start with \xfe\xfd.
# - The first byte from the client (or third byte from the server) is a command.
# - Bytes 2 - 5 from the client is some kind of ID. This will have to be inspected later. I believe it's a
# session-like ID because the number changes between connections. Copying the client's ID might be enough.
#
# The above was as guessed.
# The code in Tetris DS (overlay 10) @ 0216E974 handles the network command creation.
# R1 contains the command to be sent to the server.
# R2 contains a pointer to some unknown integer that gets written after the command.
#
# - Commands
# Commands range from 0x00 to 0x09 (for client only at least?) (Tetris DS overlay 10 @ 0216DDCC)
#
# CLIENT:
# 0x01 - Response (Tetris DS overlay 10 @ 216DCA4)
# Sends back base64 of RC4 encrypted string that was gotten from the server's 0x01.
#
# 0x03 - Send client state? (Tetris DS overlay 10 @ 216DA30)
# Data sent:
# 1) Loop for each localip available on the system, write as localip%d\x00(local ip)
# 2) localport\x00(local port)
# 3) natneg (either 0 or 1)
# 4) ONLY IF STATE CHANGED: statechanged\x00(state) (Possible values: 0, 1, 2, 3)
# 5) gamename\x00(game name)
# 6) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicip\x00(public ip)
# 7) ONLY IF PUBLIC IP AND PORT ARE AVAILABLE: publicport\x00(public port)
#
# if statechanged != 2:
# Write various other data described here: http://docs.poweredbygamespy.com/wiki/Query_and_Reporting_Implementation
#
# 0x07 - Unknown, related to server's 0x06 (returns value sent from server)
#
# 0x08 - Keep alive? Sent after 0x03
#
# 0x09 - Availability check
#
# SERVER:
# 0x01 - Unknown
# Data sent:
# 8 random ASCII characters (?) followed by the public IP and port of the client as a hex string
#
# 0x06 - Unknown
# First 4 bytes is some kind of id? I believe it's a unique identifier for the data being sent,
# seeing how the server can send the same IP information many times in a row. If the IP information has
# already been parsed then it doesn't waste time handling it.
#
# After that is a "SBCM" section which is 0x14 bytes in total.
# SBCM information gets parsed at 2141A0C in Tetris DS overlay 10.
# Seems to contain IP address information.
#
# The SBCM seems to contain a little information that must be parsed before.
# After the SBCM:
# \x03\x00\x00\x00 - Always the same?
# \x01 - Found player?
# \x04 - Unknown
# (2 bytes) - Unknown. Port?
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
# \x00\x00\x00\x00 - Unknown but seems to get checked
#
# Another SBCM, after a player has been found and attempting to start a game:
# \x03\x00\x00\x00 - Always the same?
# \x05 - Connecting to player?
# \x00 - Unknown
# (2 bytes) - Unknown. Port? Same as before.
# (4 bytes) - Player's IP
# (4 bytes) - Unknown. Some other IP? Remote server IP?
#
# 0x0a - Response to 0x01
# Gets sent after receiving 0x01 from the client. So, server 0x01 -> client 0x01 -> server 0x0a.
# Has no other data besides the client ID.
#
# - \xfd\xfc commands get passed directly between the other player(s)?
#
#
# Open source version of GameSpy found here: https://github.com/sfcspanky/Openspy-Core/tree/master/qr
# Use as reference.
session_id = None
if recv_data[0] != '\x09':
# Don't add a session if the client is trying to check if the game is available or not
session_id = struct.unpack("<I", recv_data[1:5])[0]
session_id_raw = recv_data[1:5]
if session_id not in self.sessions:
# Found a new session, add to session list
self.sessions[session_id] = self.Session(address)
self.sessions[session_id].session = session_id
self.sessions[session_id].keepalive = int(time.time())
self.sessions[session_id].disconnected = False
if session_id in self.sessions and self.sessions[
session_id].disconnected == True:
return
if session_id in self.sessions:
self.sessions[session_id].keepalive = int(
time.time()) # Make sure the server doesn't get removed
# Handle commands
if recv_data[0] == '\x00': # Query
self.log(
logging.DEBUG, address, session_id,
"NOT IMPLEMENTED! Received query from %s:%s... %s" %
(address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x01': # Challenge
self.log(
logging.DEBUG, address, session_id,
"Received challenge from %s:%s... %s" %
(address[0], address[1], recv_data[5:]))
# Prepare the challenge sent from the server to be compared
challenge = gs_utils.prepare_rc4_base64(
self.sessions[session_id].secretkey,
self.sessions[session_id].challenge)
# Compare challenge
client_challenge = recv_data[5:-1]
if client_challenge == challenge:
# Challenge succeeded
# Send message back to client saying it was accepted
packet = bytearray([0xfe, 0xfd,
0x0a]) # Send client registered command
packet.extend(session_id_raw) # Get the session ID
self.write_queue.put((packet, address))
self.log(
logging.DEBUG, address, session_id,
"Sent client registered to %s:%s..." %
(address[0], address[1]))
if self.sessions[session_id].heartbeat_data != None:
self.update_server_list(
session_id, self.sessions[session_id].heartbeat_data)
else:
# Failed the challenge, request another during the next heartbeat
self.sessions[session_id].sent_challenge = False
self.server_manager.delete_server(
self.sessions[session_id].gamename, session_id)
elif recv_data[0] == '\x02': # Echo
self.log(
logging.DEBUG, address, session_id,
"NOT IMPLEMENTED! Received echo from %s:%s... %s" %
(address[0], address[1], recv_data[5:]))
elif recv_data[0] == '\x03': # Heartbeat
data = recv_data[5:]
self.log(
logging.DEBUG, address, session_id,
"Received heartbeat from %s:%s... %s" %
(address[0], address[1], data))
# Parse information from heartbeat here
d = data.rstrip('\0').split('\0')
# It may be safe to ignore "unknown" keys because the proper key names get filled in later...
k = {}
for i in range(0, len(d), 2):
#self.log(logging.DEBUG, address, session_id, "%s = %s" % (d[i], d[i+1]))
k[d[i]] = d[i + 1]
if self.sessions[session_id].ingamesn != None:
if "gamename" in k and "dwc_pid" in k:
try:
profile = self.db.get_profile_from_profileid(
k['dwc_pid'])
naslogin = self.db.get_nas_login_from_userid(
profile['userid'])
self.sessions[session_id].ingamesn = str(
naslogin['ingamesn']
) # convert to string from unicode(which is just a base64 string anyway)
except Exception, e:
pass # If the game doesn't have, don't worry about it.
if self.sessions[
session_id].ingamesn != None and "ingamesn" not in k:
k['ingamesn'] = self.sessions[session_id].ingamesn
if "gamename" in k:
if k['gamename'] in self.secret_key_list:
self.sessions[session_id].secretkey = self.secret_key_list[
k['gamename']]
else:
self.log(
logging.INFO, address, session_id,
"Connection from unknown game '%s'!" % k['gamename'])
if self.sessions[session_id].playerid == 0 and "dwc_pid" in k:
# Get the player's id and then query the profile to figure out what console they are on.
# The endianness of some server data depends on the endianness of the console, so we must be able
# to account for that.
self.sessions[session_id].playerid = int(k['dwc_pid'])
# Try to detect console without hitting the database first
found_console = False
if 'gamename' in k:
self.sessions[session_id].console = 0
if k['gamename'].endswith('ds') or k['gamename'].endswith(
'dsam') or k['gamename'].endswith(
'dsi') or k['gamename'].endswith('dsiam'):
self.sessions[session_id].console = 0
found_console = True
elif k['gamename'].endswith(
'wii') or k['gamename'].endswith(
'wiiam') or k['gamename'].endswith(
'wiiware') or k['gamename'].endswith(
'wiiwaream'):
self.sessions[session_id].console = 1
found_console = True
if found_console == False:
# Couldn't detect game, try to get it from the database
# Try a 3 times before giving up
for i in range(0, 3):
try:
profile = self.db.get_profile_from_profileid(
self.sessions[session_id].playerid)
if "console" in profile:
self.sessions[session_id].console = profile[
'console']
break
except:
time.sleep(0.5)
if 'publicip' in k and k[
'publicip'] == "0": #and k['dwc_hoststate'] == "2": # When dwc_hoststate == 2 then it doesn't send an IP, so calculate it ourselves
be = self.sessions[session_id].console != 0
k['publicip'] = str(
utils.get_ip(
bytearray([int(x) for x in address[0].split('.')]), 0,
be))
if 'publicport' in k and 'localport' in k and k['publicport'] != k[
'localport']:
self.log(logging.DEBUG, address, session_id, "publicport %s doesn't match localport %s, so changing publicport to %s..." \
% (k['publicport'], k['localport'], str(address[1])))
k['publicport'] = str(address[1])
if self.sessions[session_id].sent_challenge == True:
self.update_server_list(session_id, k)
else:
addr_hex = ''.join(
["%02X" % int(x) for x in address[0].split('.')])
port_hex = "%04X" % int(address[1])
server_challenge = utils.generate_random_str(
6) + '00' + addr_hex + port_hex
self.sessions[session_id].challenge = server_challenge
packet = bytearray([0xfe, 0xfd,
0x01]) # Send challenge command
packet.extend(session_id_raw) # Get the session ID
packet.extend(server_challenge)
packet.extend('\x00')
self.write_queue.put((packet, address))
self.log(
logging.DEBUG, address, session_id,
"Sent challenge to %s:%s..." % (address[0], address[1]))
self.sessions[session_id].sent_challenge = True
self.sessions[session_id].heartbeat_data = k
