Using DS on Wiimmfi - now without hacks!

      That's really nice, finally I can play my favourite Mario Kart game again :D

      I remember the goold old days - and the three DSses that got their shoulder buttons broken from playing Mario Kart DS too much...

      I also have a question: how do you deal with the safety issues an open or WEP encrypted WiFi comes with?

      In our countryhouse that's not that much of a problem, simply because it is too far away from the next road, so that nobody can reach the unsafe WiFi without becoming a burglar.

      However, in a city like Vienna where our main residence is, it is a problem, since houses and streets are much closer to each other and anyone can drive by to hack the WiFi.

      Is it possible to set up a seperate free or WEP encrypted WiFi and deny all connections besides the DS Wiimmfi one to minimize the risk of getting hacked?

      If yes, which additional hardware do I need, (assuming I already have a network/server rack with the router/modem and a switch to supply LAN to rooms and WPA2 encrypted WiFi acces points) and for setting up a firewall, which connections and ports need to be allowed for DS wiimmfi to work?

      • Firmware 4.3E
      • Softmod per LetterBomb
      • Bootmii als IOS
      • Homebrew-Channel 1.1.2
      • Riivolution 1.06 mit CTGP-R, Ocarina-Handler und Wiimm-Fi-Patcher
      :43px-GCNController.svg: :43px-GCNController.svg: :43px-GCNController.svg: :43px-GCNController.svg: :43px-GCNController.svg: :8px-Wiimote1.svg: :8px-WiiMote2.svg: :8px-WiiMote3.svg.png: :8px-Wiimote4.svg: :8px-Wiimote1.svg: :26px-Nunchuck_alternative.svg: :26px-Nunchuck_alternative.svg: :26px-Nunchuck_alternative.svg:


      • Famicom - Famicom Disk System, AV-Mod, 2 Controller
      • Nintendo NES - 2 Controller
      • Super Famicom - 2 Controller, Super GameBoy 2, Koffer
      • Nintendo 64 - 2 graue Controller, Controller-Pak
      • Gamecube - 5 Controller, 1 Memorycard
      • Wii - Firmware 4.3E, gesoftmodded (LetterBomb), 5 Wiimotes, 3 Nunchucks, 2 Wiils
      • Wii U - Firmware 5.5E, vWii gesoftmodded (SmashStack), GCN-Adapter, 1 Gamepad
      • Switch - Custom Skin, 2 JoyCons, 1 Pro-Controller


      • Gameboy - Koffer, Netzteil mit aufladbarem Akku
      • Gameboy Advance
      • DS - hat den Schultertasten-Brick
      • DSi - auch defekte Schultertasten
      • 3DS - hat einen Scharnierbruch
      • 3DS XL - mit Controllergrip
      • New 3DS XL - Firmware 10.3.0-28E

      Mariofan13 schrieb:

      That's really nice, finally I can play my favourite Mario Kart game again :D

      I remember the goold old days - and the three DSses that got their shoulder buttons broken from playing Mario Kart DS too much...

      I also have a question: how do you deal with the safety issues an open or WEP encrypted WiFi comes with?

      In our countryhouse that's not that much of a problem, simply because it is too far away from the next road, so that nobody can reach the unsafe WiFi without becoming a burglar.

      However, in a city like Vienna where our main residence is, it is a problem, since houses and streets are much closer to each other and anyone can drive by to hack the WiFi.

      Is it possible to set up a seperate free or WEP encrypted WiFi and deny all connections besides the DS Wiimmfi one to minimize the risk of getting hacked?

      If yes, which additional hardware do I need, (assuming I already have a network/server rack with the router/modem and a switch to supply LAN to rooms and WPA2 encrypted WiFi acces points) and for setting up a firewall, which connections and ports need to be allowed for DS wiimmfi to work?
      Consider using the "Guest Network" feature on your modem or router, assuming you have this available. This will create a second private network (like a second LAN interface), and you can set people connecting to the guest network to be part of that separate LAN interface, minimizing risk to being hacked to only that interface (and an available connection to the world wide web / Internet).
      To make sure no one else gets on that virtual interface except your DS, you can use MAC address filtering. Also be sure to turn off the access point when you stop using it as someone else can connect with a spoofed MAC address.

      Alternatively, if there is not a guest network feature, you might want to look into custom firmware that allows your router/modem to create multiple LAN interfaces and access points. Here is a step-by-step guide on how to create such an interface easily (but does take time to set up).

      If neither of which is possible, you'll need to use other hardware to take care of the job. Typically a second router, or a Wi-Fi hotspot run by your computer (Windows 10 can do this in a couple of seconds natively) will work as long as it doesn't impose too much problems with NAT traversal (which it typically doesn't).
      Disclaimer: The image below is my forum signature and has no correlation to my original message or response.


      Also, if your router does support it, bandwidth restrictions might be a good idea; you could always restrict all non-wiimmfi IPs to 1-2Mbit/s (or all traffic to 1-2Mbit/s), so you can connect to Wiimmfi easily (And still play with peers! since P2P traffic is just the IP of various players) to also be a deterrent, with obvious "bad sites" blocked ;p

      I currently host the DLS1, GAMESTATS, and Peerchat server for Wiimmfi. if you have any issues with leaderboards (excluding MKW!), Mystery Gifts or other in-game downloadables, or Pokémon Wi-Fi Plaza, I can try to help!
      A while ago I wrote a bunch of iptables filter rules for that. If you have a linux machine you could use as router you could run these on that. It should be as secure as possible, first only allowing traffic to the Wiimmfi IP, then, as soon as it hits NATNEG, allow connecting to everything for a few seconds, then afterwards, only allow packets to already known destinations. I could check if I still have these somewhere and send them to you if that helps.

      DevkitPro Archiv (alte Versionen / old versions): wii.leseratte10.de/devkitPro/
      Want to donate for Wiimmfi and Wii-Homebrew.com? Patreon / PayPal

      Dieser Beitrag wurde bereits 0 mal editiert, zuletzt von Leseratte ()

      This should do the trick. Although I haven't tested it with DS, haven't tested it with the new MKWii update system, and haven't used it in over a year, so it may not work correctly. Plus, stuff like gamestats and DLS isn't implemented yet, just gameplay for MKWii.

      Shell-Script

      1. #!/bin/bash
      2. iptables -F
      3. iptables -X
      4. wiimmfi_core="wiimmfi.de"
      5. nn1="mariokartwii.natneg1.gs."$wiimmfi_core
      6. nn2="mariokartwii.natneg2.gs."$wiimmfi_core
      7. nn3="mariokartwii.natneg3.gs."$wiimmfi_core
      8. nas="nas."$wiimmfi_core
      9. gpcm="gpcm.gs."$wiimmfi_core
      10. gpsp="gpsp.gs."$wiimmfi_core
      11. master="master.gs."$wiimmfi_core
      12. ms="ms.gs."$wiimmfi_core
      13. localnet="10.0.0.0/8,172.16.0.0/12,192.168.0.0/24"
      14. # DNS
      15. iptables -A FORWARD -p udp --dport 53 -j ACCEPT
      16. iptables -A FORWARD -p udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      17. # MASTER
      18. iptables -A FORWARD -p udp -d $master --dport 27900 -m recent --set --rsource --name MASTER -j ACCEPT
      19. iptables -A FORWARD -p udp -s $master --sport 27900 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      20. # HTTP(s)
      21. iptables -A FORWARD -p tcp -d $nas --dport 80 -j ACCEPT
      22. iptables -A FORWARD -p tcp -s $nas --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      23. iptables -A FORWARD -p tcp -d $nas --dport 443 -j ACCEPT
      24. iptables -A FORWARD -p tcp -s $nas --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      25. # GPCM
      26. iptables -A FORWARD -p tcp -d $gpcm --dport 29900 -m recent --rcheck --rsource --seconds 30 --name MASTER -j ACCEPT
      27. iptables -A FORWARD -p tcp -s $gpcm --sport 29900 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      28. # GPSP
      29. iptables -A FORWARD -p tcp -d $gpsp --dport 29901 -j ACCEPT
      30. iptables -A FORWARD -p tcp -s $gpsp --sport 29901 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      31. # MS
      32. iptables -A FORWARD -p tcp -d $ms --dport 28910 -j ACCEPT
      33. iptables -A FORWARD -p tcp -s $ms --sport 28910 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      34. # NATNEG
      35. iptables -A FORWARD -p udp -d $nn1 --dport 27901 -m recent --set --rsource --name p2p-out -j ACCEPT
      36. iptables -A FORWARD -p udp -d $nn2,$nn3 --dport 27901 -j ACCEPT
      37. iptables -A FORWARD -p udp -s $nn1,$nn2,$nn3 --sport 27901 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      38. # p2p
      39. iptables -A FORWARD -p udp -s $localnet --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      40. iptables -A FORWARD -p udp -d $localnet --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      41. iptables -A FORWARD -p udp -s $localnet --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate NEW -m recent --rcheck --rsource --seconds 15 --name p2p-out -j ACCEPT
      42. iptables -A FORWARD -p udp -d $localnet --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate NEW -m recent --rcheck --rdest --seconds 15 --name p2p-out -j ACCEPT
      43. iptables -N LOGGING
      44. iptables -A FORWARD -j LOGGING
      45. iptables -A LOGGING -m limit -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
      46. iptables -A FORWARD -j DROP
      47. iptables -L
      Alles anzeigen

      DevkitPro Archiv (alte Versionen / old versions): wii.leseratte10.de/devkitPro/
      Want to donate for Wiimmfi and Wii-Homebrew.com? Patreon / PayPal

      Dieser Beitrag wurde bereits 0 mal editiert, zuletzt von Leseratte ()

      Ok, awesome!
      For reference, the DS would need nintendowifi.net not wiimmfi.de, gamestats is gamestats2.gs. and gamestats.gs, DLS1 is dls1.ilostmymind.xyz - other than that, I'll try it out later c:

      I currently host the DLS1, GAMESTATS, and Peerchat server for Wiimmfi. if you have any issues with leaderboards (excluding MKW!), Mystery Gifts or other in-game downloadables, or Pokémon Wi-Fi Plaza, I can try to help!
      The hostnames are irrelevant, the IP is what counts. Thus as long as you play on Wiimmfi it doesn't matter if we use nas.wiimmfi.de or nas.nintendowifi.net as filter for login.

      DevkitPro Archiv (alte Versionen / old versions): wii.leseratte10.de/devkitPro/
      Want to donate for Wiimmfi and Wii-Homebrew.com? Patreon / PayPal

      Dieser Beitrag wurde bereits 0 mal editiert, zuletzt von Leseratte ()

      Just a stupid question: Does setting up a wifi hotspot using my PC work for MKDS? This would make everything easier, I can shut the wifi off when I don't play MKDS and it would be easer for me to implement firewall rules.
      I'm planning to get a new DS at the next Retro-Börse in Vienna and start MKDS playing on Wiimmfi afterwards, because shoulder buttons on my ones are broken... ;)

      • Firmware 4.3E
      • Softmod per LetterBomb
      • Bootmii als IOS
      • Homebrew-Channel 1.1.2
      • Riivolution 1.06 mit CTGP-R, Ocarina-Handler und Wiimm-Fi-Patcher
      :43px-GCNController.svg: :43px-GCNController.svg: :43px-GCNController.svg: :43px-GCNController.svg: :43px-GCNController.svg: :8px-Wiimote1.svg: :8px-WiiMote2.svg: :8px-WiiMote3.svg.png: :8px-Wiimote4.svg: :8px-Wiimote1.svg: :26px-Nunchuck_alternative.svg: :26px-Nunchuck_alternative.svg: :26px-Nunchuck_alternative.svg:


      • Famicom - Famicom Disk System, AV-Mod, 2 Controller
      • Nintendo NES - 2 Controller
      • Super Famicom - 2 Controller, Super GameBoy 2, Koffer
      • Nintendo 64 - 2 graue Controller, Controller-Pak
      • Gamecube - 5 Controller, 1 Memorycard
      • Wii - Firmware 4.3E, gesoftmodded (LetterBomb), 5 Wiimotes, 3 Nunchucks, 2 Wiils
      • Wii U - Firmware 5.5E, vWii gesoftmodded (SmashStack), GCN-Adapter, 1 Gamepad
      • Switch - Custom Skin, 2 JoyCons, 1 Pro-Controller


      • Gameboy - Koffer, Netzteil mit aufladbarem Akku
      • Gameboy Advance
      • DS - hat den Schultertasten-Brick
      • DSi - auch defekte Schultertasten
      • 3DS - hat einen Scharnierbruch
      • 3DS XL - mit Controllergrip
      • New 3DS XL - Firmware 10.3.0-28E

      Yes you could do so as long as your pc can do a hotspot where your ds is on the main network, not on a subnet from your pc (ie if your ds has a different IP/Subnet/Gateway to your main network it'll be on another NAT and can be a huge issue)

      I currently host the DLS1, GAMESTATS, and Peerchat server for Wiimmfi. if you have any issues with leaderboards (excluding MKW!), Mystery Gifts or other in-game downloadables, or Pokémon Wi-Fi Plaza, I can try to help!
      Class5xxyyNetwork connection error. »yy« is interface-specific.
      Device5xxyyUnknown interface.
      Error510yyAP / WiFi-USB-Connector not found (Wii only).

      5xxyy errors are your own Internet connection, and not Wiimmfi.

      I currently host the DLS1, GAMESTATS, and Peerchat server for Wiimmfi. if you have any issues with leaderboards (excluding MKW!), Mystery Gifts or other in-game downloadables, or Pokémon Wi-Fi Plaza, I can try to help!