Nintendo DS Doesn't Support WPA?!?

The BBQ Pit
1

Hi, I’m Bricker Jr.'s dad. You may remember me from such threads as “What the Hell is ‘Pokemon’?” and “Why is my wallet suddenly empty?”

For those that missed these earlier classics, my son, age 6, has discovered Pokemon with the fervor of a new convert, and despite not being any kind of a computer or console gamer, my household has in short order become innundated with all things Pokemon.

One of these is “Pokemon Diamond,” a handheld game played on the Nintendo DS. Now, not only is this game stand-alone experience, but he can trade captured Pokemon-animals with his friends and even battle his creatures against their creatures through the magic of wireless communications.

If the friends are face-to-face, everything is fine. But this piece of gos se hardware also can connect using wi-fi to a local access point and thence to Nintendo World HQ, where you can connect with your friend at his house and trade or battle.

It is this latter configuration that is making me crazy.

It doesn’t support WPA encryption.

Now, again for those that don’t follow these things closely, there are two general types of encryption available for your home wi-fi. WEP, which stands for “Wired Equivalent Privacy,” is a most egregiously misnamed standard, since it provides all the security of a soggy piece of Kleenex.

The correct way to secure your wireless network is to use WPA (Wi-Fi Protected Access) and a long random passphrase, which makes your wireless traffic reasonably secure.

In the Bricker household, we have a wireless access point, running WPA2 and using a 40 character random passphrase.

Can’t use Nintendo DS to connect to the Global Trade System. No, no. These horsecock lovers don’t support WPA. I call their tech support:

“Unplug your computer before using your DS, and it then it can’t be compromised.”

Listen, shit-for-brains (which is really a compliment, since even if you had shit between your ears it could probably still accomplish some sort of pseudo-synaptic activity, which would surpass whatever you’re doing with your head) the point is not to protect my internal network from attack. The point is to prevent my connection from being used. And unless I enter a new WEP key every time, an attacker can sniff out and decrypt my traffic and then wait until the DS session is over and my computer is back on, if the goal was to attack my internal network!

I explain this, politely redacting the synaptic shit observation. Response?

“Uh… the wireless router will still work if you turn your computer off, you know.”

Yes. Yes, I do know. Not that your comment has fuck-all to do with the objection I just raised. Perhaps I should have chosen to speak English instead of aboriginal click-language. Oh, wait, I DID say it in English, rat-fucker!

So. After that conversation, which was as welcome as George Soros at the White House, I have to figure out how to support the ardent desire of my child to battle his friends over Nintendo DS wi-fi without compromising my local system’s security.

I have a plan involving an additional WAP connected to an inline bridge that does packet destination filtering, but that’s going to be a bother to set up.

I hate Nintendo and their ass faces.

2

You know, when I was a kid, if we wanted an inline bridge that did packet destination filtering, we had to set it up ourselves. Taught us personal responsibility and built character.

3

When I was kid, if we wanted to battle our friends, we threw rocks at them.
(Love the aboriginal click language line)

4

Hey man, like, what gives you the right to keep everyone else off your connection anyway? Bandwidth is meant to be shared, man! Like this joint… aw, where’s my joint?

5

I just have a spare WAP that I only plug in when I want to use the DS. The rest of the time? Unplugged. I don’t care if they try to connect to it… it’s not going to go anywhere.

Edit: Unplugged from the network.

6

But you’re the DS user – which means you are the person responsible for plugging it in, using the DS, and then unplugging when you’re done, right?

I want to have a set-up that Bricker Jr can use on his own. Now, he’s sharp enough, no question, to easily learn how to plug in the extra WAP. But he’s not the best at remembering to UNPLUG when he’s done, so I am pretty sure that the end result of this plan will be that, after a week or so of careful attentiveness, the thing will be left on by accident, which kinda defeats the purpose.

I could be the one that has to set it up for him, but that means he has to get me or his mom involved every time he wants to trade or battle with his friends. Not ideal, either, although that’s going to be the interim solution until I get a new dual-ethernet card installed on the Linux box and Snort running.

7

I think you can get a WAP that plugs into a USB port to share your PC’s internet connection (wired, wireless, whatever).

Maybe this? Would that help?

8

Yes…WEP can be hacked. There is one element that is needed…someone has to really really want to hack it and with all the open wireless connections around the chances are pretty slim.

9

Bricker, this usb device will do it w/out you having to alter your network, BUT it appears they don’t seem to be making them new anymore? At least, Amazon doesn’t seem to have them, but they have the new and used listings for them.

10

It might. It depends on what “The Nintendo Wi-Fi USB Connector will ONLY work with the Nintendo DS” actually means. Does it mean some sort of code that looks for a MAC address pattern that only Nintendo DS has? Then that’s nothing, becauseit’s ridiculously easy to spoof a MAC address.

Does it mean something more secure? If so, this could be exactly the right answer!

11

This is all the rest of the information I could find on it with a casual glance :
This is from when IGN first got their hands on one in 2005. Not much technical detail, but it does show you the interface on the PC side.

This provides a little information about it as well (half way down) and how people have hacked the device thanks to a common chipset (Ralink). Since it is a common chip, might not be the most secure thing around either. How many would go searching for one of these to piggyback on though?

12

You might be able to get away with using a single WAP to do this. For example, here’s a HOWTO for multiple WLANs with different security under DD-WRT: Separate WLANs - DD-WRT Wiki

13

I’d need to use third-party firmware on the WAP.

The configuration is sound, but I don’t have a combined WAP and router. I’m using a separate WAP and a hardened Linux box as my external interface, and it’s the thing that’s doing NATting and port-forwarding between the outside world and my internal networks.

14

Wow, talk about plucking a diamond from some well-trodden rough. This is the only time in human history that a “back in my day, kids had it tougher” line was ever actually funny. Good one!

15

Ummm, please don’t hurt me, but do you really need your network to be super-secure?

I’d say it sounds like a lot of hassle for a videogame, but I was that kid growing up. Spoil him rotten I say!

16

Clearly the solution is to compromise someone else’s local system’s security. :smiley:

17

An easier idea might be to make the SSID non-broadcast, then tone down your security to WEP. Unless you have someone who is parking by your house and running Kismet all day to sniff packets, you should be fine. And if you do have someone doing that, well, you have other problems.

18

Are the forces of darkness really out to hijack your wi-fi that you need to be so concerned?

19

Well, yeah, but I think most of those other problems are solved by using WPA.

Hiding the SSID doesn’t really add any extra security to WEP - it would prevent casual passers-by from connecting to a completely unsecured wireless network, but the tools required to detect a wireless connection with a non-broadcast SSID are the same general tools required to crack WEP - if someone is tooled up to do that, hiding the SSID is not an obstacle to them - if they’re not tooled up to do it, letting them see the SSID doesn’t give them anything.

20

Sniff. And I had a WPA/Roosevelt zinger here in the wings. It was golden, I tells ya–Golden!