So I have a short thought some time ago about a possibility of a ROM hack or something that gives DS/DSi access to modern SSL/TLS websites. I'm curious about it and if it's possible.
What is in the certificates and how could we somehow replace it with better and updated certificates?im working on it. i extracted the dsi browser rom and found that the certificates are located in a folder labeled "ca" and i found that 14 of the certificates are expired so im going to try to find newer ones to replace them. hopefully it works
i just looked looked for the name of the expired certificates and downloaded the newest certificate from the company who issued them. but now i have a issue that the certificates from google are in .crt or .pem and the ones from the rom are in .caWhat is in the certificates and how could we somehow replace it with better and updated certificates?
I find some source about the format itself: https://stackoverflow.com/questions/20501865/ssl-certificate-files-no-ca-filei just looked looked for the name of the expired certificates and downloaded the newest certificate from the company who issued them. but now i have a issue that the certificates from google are in .crt or .pem and the ones from the rom are in .ca
Can you rename it as .ca instead? Does it work?i just looked looked for the name of the expired certificates and downloaded the newest certificate from the company who issued them. but now i have a issue that the certificates from google are in .crt or .pem and the ones from the rom are in .ca
So... I checked the files (Nintendo DS Browser) via Tinke 0.9.2 and I found out that the cert folder actually uses .pem files:i just looked looked for the name of the expired certificates and downloaded the newest certificate from the company who issued them. but now i have a issue that the certificates from google are in .crt or .pem and the ones from the rom are in .ca
So i tried changing the files with exact filenames. Either it's true that they hardcoded it to the code, which is not my expertise or something... The only thing bothering me is the DSi browser.It's always possible it might be hardcoded to only use those specific certificate file names and that it might not be able to just dynamically load new ones.
Pretty sure that was the case, I could recommend using some rendering proxy for this for now.There may be a config setting for this but there is no guarantee that they are even implemented in the code in the first place. Higher TLS versions being enabled and implemented wouldn't really matter anyway, because the browser still needs valid (non-expired) certificates for those sites to load.
You might want to use https://github.com/R-YaTian/TinkeDSi/releases, I don't think DSLazy would correctly repack the ROMSome updates: I tried modifying the config file and recompile the DSi browser and that didn't do well. I used dslazy for this.
EDIT:
View attachment 307537