NDS/Network WMB Beacons

From Dev-Scene

WMB Beacon Format

When a DS is hosting a WMB download or Pictochat room it acts as an Access Point, broadcasting beacons. In the case of WMB, a description of the hosted download is given in the beacon contents.

The beacons do not have a SSID parameter. A vendor specific tagged parameter, identified by the tag number 0xDD, is present. The data for this parameter always starts with the three byte sequence 00:09:bf identifying the parameter as Nintendo.

The layout of the beacons is as follows:

Fixed parameters:
Timestamp
Beacon Interval
Capability Information: (0x0021 - Transmitter is AP, Short Preamble allowed)

Tagged parameters:
Supported Rates: (1 Mbit/s and 2 Mbit/s)
DS parameter set (gives the channel number the host is using)
Traffic Indication Map (DTIM period of 2, DTIM count alternates between 0 and 1)
Nintendo Parameter

The Initial 21 Bytes

The initial 21 bytes (after the Nintendo ID) appear in all beacons (WMB and Pictochat) sent out by a DS. The following table gives values seen when the DS has been doing various things. Each description given is a possible function of the byte or byte sequence.

Initial 21 Bytes (values by beacon type)

| Offset | Blank WMB (Meteos Demo) | WMB (Meteos Demo) | Pictochat room A | Meteos VS play | MKart VS play | Description |
|---|---|---|---|---|---|---|
| 00 | 00 | 00 | 00 | 00 | 00 | unknown |
| 01 | 0a | 0a | 0a | 0a | 0a | unknown |
| 02 | 00 | 00 | 00 | 00 | 00 | unknown |
| 03 | 00 | 00 | 00 | c0 | 00 | unknown |
| 04 | 00 | 00 | 00 | 6f | 00 | unknown |
| 05 | 01 | 01 | 01 | 01 | 01 | unknown |
| 06 | 00 | 00 | 00 | 00 | 00 | unknown |
| 07 | 00 | 80 | 00 | 00 | 00 | A repeat of the two bytes at 0b? Showing something is active? |
| 08 | 00 | 00 | 00 | 00 | 00 | see previous |
| 09 | 17 | 17 | 00 | 17 | 25 | The values 17, 00, 80 and 00 are repeated as the first 4 bytes in the WMB header that follows if a WMB. These values vary between games. |
| 0a | 00 | 00 | 00 | 00 | 00 | see previous |
| 0b | 80 | 80 | 00 | 80 | 00 | see previous |
| 0c | 00 | 00 | 00 | 00 | 00 | see previous |
| 0d | 00 | 00 | 01 | 00 | 95 | This and the following byte are used in association (see below) for picto and wmb. In the case of picto this number is incremented every so often. |
| 0e | 88 | 88 | 00 | 0a | b4 | see previous byte |
| 0f | 00 | 70 | 08 | 70 | 70 | payload size (in bytes) |
| 10 | 09 | 0b | 01 | 01 | 0b | unknown |
| 11 | 00 | 00 | c0 | 14 | fe | unknown |
| 12 | 01 | 01 | 00 | 01 | 01 | unknown |
| 13 | 08 | 08 | c0 | 44 | 08 | unknown |
| 14 | 00 | 00 | 48 | 00 | 00 | unknown |
| Payload size (in bytes) | 0 | 112 | 8 | 112 | 112 | |

The Blank WMB is the first beacon sent out by a DS after starting up as a WMB host.


WMB Beacons

A WMB host follows the 21 initial bytes with a further 112 bytes (although there is no reason why this could not vary, as size fields are included). These 112 bytes are divided into two parts, the WMB header (14 bytes) and the payload.

The WMB beacons advertise the download being provided and the current clients connected. The advert beacons come first followed by the client beacon(s). The transmission of the beacons cycles round.

A non advert beacon must be included otherwise a DS will not pick up the beacons.


WMB Header

WMB Header bytes

| Offset | Size (in bytes) | Description |
|---|---|---|
| 00 | 2 | Game Id (repeated from initial 21 bytes) |
| 02 | 2 | Stream Id (repeated from initial 21 bytes) |
| 04 | 1 | Non Advert payload marker |
| 05 | 1 | Unknown (only ever seen zero here) |
| 06 | 1 | Current number of clients connected |
| 07 | 1 | Sequence number |
| 08 | 2 | Checksum |
| 0a | 1 | Advert Sequence number |
| 0b | 1 | Advert length in beacons (not including non advert payload beacons) |
| 0c | 2 | Payload size in bytes |

The game id and stream id are called this as that is what I have seen them called elsewhere.

The non advert payload marker has a value of 0x00 for beacons containing advert payloads and a value of 0x02 for beacons containing client information (see below).

The sequence number starts at zero for the first advert beacon and increases by one for each beacon transmitted, resetting to zero when the first advert beacon is next transmitted.

The checksum covers the bytes following the checksum field to the end of the payload. It is the negated sum of the 16 bit words and can be computed using the following C code, where length is the number of 16 bit words to perform the checksum over.

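#include <stdint.h>

/* buff must be 16 bit aligned; length is the number of 16 bit words. */
static uint16_t beacon_checksum(uint16_t *buff, int length) {
  int j;
  uint32_t crc = 0;
  /* Sum the 16 bit words into a 32 bit accumulator. */
  for (j = 0; j < length; j++) {
    crc += buff[j];
  }
  /* Fold the upper 16 bits back into the lower 16 bits. */
  crc = (crc >> 16) + (crc & 0xffff);
  /* The fold can itself carry into bit 16; add it back in. */
  if (crc & 0x10000) {
    crc += 1;
  }
  /* Negate and keep the low 16 bits. */
  crc = ~crc;
  crc &= 0xffff;
  return (uint16_t)crc;
}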

Advert sequence number follows the value of the first sequence number for advert payload beacons. For client information beacons its value is unknown (0x01 has been seen when no clients are connected and 0x02 when one client is connected).

The payload size gives the number of valid bytes following. If necessary the beacon is padded with zero value bytes up to the correct length. This is not quite true for client payloads (more information is needed).
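An added example, not code from the original page: a bounds-checked C parser for the Nintendo tagged parameter that checks the 00:09:bf ID, the size byte at offset 0x0f, the 14 byte WMB header and the checksum before any field is trusted. The names `wmb_parse`, `wmb_sample` and `struct wmb_beacon` are hypothetical, the sample beacon is constructed, and two things are assumptions: multi-byte fields are little-endian, and the checksum runs from header offset 0x0a to the end of the block.

```c
#include <stdint.h>
#include <string.h>
#define NIN_HDR 21   /* initial bytes that follow the 00:09:bf ID */
#define WMB_HDR 14   /* WMB header size */
struct wmb_beacon {
    uint16_t game_id, stream_id, checksum, payload_size;
    uint8_t  non_advert, clients, seq, advert_seq, advert_len;
    const uint8_t *payload;
};

/* Little-endian 16 bit read (assumed byte order; the page does not state it). */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* Same sum as the page's beacon_checksum(), read bytewise so alignment is moot. */
static uint16_t wmb_checksum(const uint8_t *p, size_t nwords) {
    uint32_t sum = 0;
    for (size_t i = 0; i < nwords; i++) sum += le16(p + 2 * i);
    sum = (sum >> 16) + (sum & 0xffff);   /* fold the carries back in */
    sum += sum >> 16;
    return (uint16_t)~sum;
}

/* data/len: body of the 0xDD tagged parameter (untrusted). Returns 0 when consistent. */
int wmb_parse(const uint8_t *data, size_t len, struct wmb_beacon *out) {
    static const uint8_t nintendo[3] = { 0x00, 0x09, 0xbf };
    if (len < 3 + NIN_HDR || memcmp(data, nintendo, 3) != 0) return -1;
    size_t block = data[3 + 0x0f];          /* size byte of the initial 21 */
    if (block < WMB_HDR || block % 2 || len - 3 - NIN_HDR < block) return -2;
    const uint8_t *h = data + 3 + NIN_HDR;  /* WMB header starts here */
    out->game_id = le16(h);      out->stream_id = le16(h + 2);
    out->non_advert = h[4];      out->clients = h[6];
    out->seq = h[7];             out->checksum = le16(h + 8);
    out->advert_seq = h[0x0a];   out->advert_len = h[0x0b];
    out->payload_size = le16(h + 0x0c); out->payload = h + WMB_HDR;
    if (out->payload_size > block - WMB_HDR) return -3;  /* overruns block */
    /* Assumption: the sum runs from offset 0x0a to the end of the block. */
    return wmb_checksum(h + 0x0a, (block - 0x0a) / 2) == out->checksum ? 0 : -4;
}

/* Constructed sample (not a capture): advert beacon, 98 payload bytes of 0x11. */
size_t wmb_sample(uint8_t *b) {             /* b must hold 136 bytes */
    uint8_t *h = b + 3 + NIN_HDR;
    memset(b, 0, 136); memset(h + WMB_HDR, 0x11, 98);
    b[1] = 0x09; b[2] = 0xbf; b[3 + 0x0f] = 112;
    h[0] = 0x17; h[2] = 0x80; h[7] = 3; h[0x0b] = 9; h[0x0c] = 98;
    uint16_t c = wmb_checksum(h + 0x0a, 51);
    h[8] = (uint8_t)(c & 0xff); h[9] = (uint8_t)(c >> 8);
    return 136;
}
int main(void) { uint8_t b[136]; struct wmb_beacon w; return wmb_parse(b, wmb_sample(b), &w); }
```

Because the sum uses end-around carry, the verification result does not depend on the byte-order assumption as long as the words and the stored checksum are read the same way.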


WMB Payload

Advert payload

The advert has the following format:

| Offset | Size (in bytes) | Description |
|---|---|---|
| 0x0000 | 32 | Icon palette (from the banner in the nds file) |
| 0x0020 | 512 | Icon tiles (from the banner in the nds file) |
| 0x0220 | 1 | Unknown (value does not appear to matter) |
| 0x0221 | 1 | The length of the host name (in characters) |
| 0x0222 | 20 | Host name (10 UCS-2 characters) |
| 0x0236 | 1 | Maximum number of players |
| 0x0237 | 1 | Unknown (value of 0x00) |
| 0x0238 | 96 | Game name (48 UCS-2 characters) |
| 0x0298 | 192 | Game description (96 UCS-2 characters) |

The game name and description can be retrieved from the banner structure in the nds file.

This advert is split between 9 beacons, the first eight of which have a payload of 98 bytes and the ninth 72 bytes.
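An added example, not code from the original page: reassembling the 856 byte advert from its nine fragments and reading the host name, with the fragment number, fragment size and host name length treated as untrusted values. The names `advert_add`, `advert_host_name` and `advert_demo` are hypothetical, the advert data is constructed, and two things are assumptions: fragment n starts at offset n * 98, and UCS-2 characters are little-endian.

```c
#include <stdint.h>
#include <string.h>
#define ADVERT_LEN 856   /* 0x0298 + 192 bytes, per the table above */
#define FRAG_LEN   98    /* payload bytes in each of the first eight beacons */

struct advert_buf {
    uint8_t  data[ADVERT_LEN];
    uint16_t seen;       /* bit n is set once fragment n has been stored */
};

/* Store one fragment. seq and size come from an untrusted beacon, so both are
 * checked before the copy. Assumption: fragment n starts at offset n * 98.
 * Returns 1 once all nine are present, 0 if more are needed, -1 if rejected. */
int advert_add(struct advert_buf *a, uint8_t seq, const uint8_t *p, size_t size) {
    if (seq >= 9 || size != (seq == 8 ? 72u : FRAG_LEN)) return -1;
    memcpy(a->data + (size_t)seq * FRAG_LEN, p, size);
    a->seen |= (uint16_t)(1u << seq);
    return a->seen == 0x1ff;
}

/* Host name as ASCII ('?' for anything else). UCS-2 is assumed little-endian.
 * The length byte at 0x0221 is clamped to the 10 characters the field holds. */
size_t advert_host_name(const struct advert_buf *a, char out[11]) {
    size_t n = a->data[0x0221];
    if (n > 10) n = 10;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *c = a->data + 0x0222 + 2 * i;
        out[i] = (c[1] == 0 && c[0] >= 0x20 && c[0] < 0x7f) ? (char)c[0] : '?';
    }
    out[n] = '\0';
    return n;
}

/* Constructed advert (not a capture): host "DS", fed in as nine fragments in
 * reverse order. Returns the result of the last advert_add() call. */
int advert_demo(struct advert_buf *a, uint8_t claimed_len) {
    uint8_t adv[ADVERT_LEN] = {0};
    int r = 0;
    adv[0x0221] = claimed_len; adv[0x0222] = 'D'; adv[0x0224] = 'S';
    memset(a, 0, sizeof *a);
    for (int s = 8; s >= 0; s--)
        r = advert_add(a, (uint8_t)s, adv + s * FRAG_LEN, s == 8 ? 72 : FRAG_LEN);
    return r;
}

int main(void) { struct advert_buf a; return advert_demo(&a, 2) == 1 ? 0 : 1; }
```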

Client payload

Not much is known here. It is transmitted in beacons with the non advert marker field set to 0x2.

If no clients are connected then the payload size is set to 1 and the value of the byte is 0x00.

If one client is connected then the payload size is set to 3. The value of the first two bytes is 0x02, 0x00. The value of the third varies. The next bit breaks the payload size field in the header (??). The next byte gives the size of the client's name in characters. The client's name then follows.

Dev-Scene (c) Ashley "MrShlee" Hull.