Hacking "Nintendo Proxy": is it possible?

Falkiner

Well-Known Member
OP
Newcomer
Joined
Mar 16, 2013
Messages
81
Trophies
1
Age
30
XP
237
Country
Brazil
On the Vita scene we have a program called "PS3.ProxyServer" that we can use to redirect the console update to a file on your computer, so we can update to whatever version we want (it's not possible to downgrade this way).

I really don't have any idea of how the Nintendo update works, but could this be possible? On Sony consoles we have just a single file, so it's easy to redirect the update; on 3DS we have a bunch of CIA files. I don't know whether, when the console updates, all those CIAs are downloaded or just one file...

Like, if someone soft-bricks their console trying to downgrade it, it will need to restore. The system will restore, but when connected to the proxy it will download the 10.3 update files, so we can stop users from going to 10.5.

What do you guys think?
 

mashers

Stubborn ape
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
Redirecting the updater server would be fairly trivial - a case of setting up a DNS server which resolved the updater server host names to IP addresses on the local network. The more difficult part would be to establish which files are downloaded from the server and in which format. Running some kind of sniffer on the network should reveal what is being sent and received. Hopefully it's just HTTP traffic so you could then host the files on a web server yourself, redirect the hosts using a DNS server, and have your web server serve the 10.3 update files. However, something tells me Nintendo wouldn't make it so easy and that the update server probably uses a non-standard protocol. Sniffing what is being sent and received would reveal this, but it would then be a case of working out the protocol and possibly making a custom server which conforms to this protocol in order to have it interact with the 3DS.

Will only work on <9.2.
Why? OP is talking about tricking the 3DS recovery mode into downloading the recovery files from a different server so you get the 10.3 CIAs instead of 10.5 (or whatever is the latest version at the time). I see no reason why 9.2 would be needed for that.
 

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,070
Trophies
2
XP
7,843
Country
United States
based on this guide for 8.1.0-0J to 9.2.0-20J (New3DS), the update server probably uses HTTPS.

https://gbatemp.net/threads/guide-upgrading-8-1-0-0j-to-9-2-0-20j.384960/
 

mashers

Stubborn ape
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,070
Trophies
2
XP
7,843
Country
United States
Nice. Unfortunately that guide involves booting into CFW to retrieve some information to get it working. I wonder whether a more generic solution is possible.
probably not, unfortunately. "NTR CFW" isn't really a custom firmware like ReiNand or rxTools, but it still requires kexploits to get around the HTTPS thing.
 

mashers

Stubborn ape
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
Also it won't help if the 3DS is softbricked anyway ;) I don't really understand the tutorial you linked to, but from what I can tell the changes made in NTR CFW are designed to make the NIM module communicate with a different server. Could this not be achieved using a custom DNS solution instead?
 

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,070
Trophies
2
XP
7,843
Country
United States
sure, but it still uses HTTPS and you can't really get around that without forcing the software to not use HTTPS I think.

the reason tubehax worked is because the YouTube application didn't connect to youtube.com over a secure connection. updates do that however. if not, we'd have a super easy and safe way to get to 9.2 that isn't using sysUpdater. :(
 

mashers

Stubborn ape
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
So is the problem with getting it to authenticate with the server over https?
 

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,070
Trophies
2
XP
7,843
Country
United States
But doesn't the server specify the authentication parameters? Or couldn't we use a hacked https server which allows open access and authenticates any credentials?
I don't think it works like that, unfortunately.

let's take for example, YouTube again. if the YouTube app connected to youtube.com using HTTPS, the certificate would probably be invalid if we tried to redirect youtube.com to a different server. that same thing would happen if we redirected the update URLs to a different server.
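ihaveahax's point, that the redirected server's certificate would be rejected, as an added Python model of the two checks an HTTPS client performs (not code from the thread); the host names, issuer and certificates are constructed placeholders laid out the way Python's ssl.SSLSocket.getpeercert() returns them, and the issuer check stands in for full chain validation.

```python
"""Model of the checks an HTTPS client makes on a server certificate.
Added example, not code from the thread: certificates are constructed
dicts in getpeercert() layout; every name below is a placeholder."""

# Stand-in for the trust store: the client only accepts certificates from
# these issuers (real clients verify signatures up to a root; simplified).
TRUSTED_ISSUERS = {"Example Console Update CA"}   # placeholder name


def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: exact, or one '*' covering the left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if not pattern.startswith("*.") or "*" in pattern[1:]:
        return False
    labels = hostname.split(".")
    # '*' must match exactly one label and may not cover the bare domain
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]


def check_server_cert(cert, expected_host, trusted_issuers=TRUSTED_ISSUERS):
    """Return (accepted, reason) for a peer cert presented for expected_host."""
    issuer = dict(pair for rdn in cert.get("issuer", ()) for pair in rdn)
    if issuer.get("commonName") not in trusted_issuers:
        return False, "issuer not trusted: %r" % issuer.get("commonName")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(dns_name_matches(s, expected_host) for s in sans):
        return False, "no SAN matches %s (got %s)" % (expected_host, sans)
    return True, "ok"


# Constructed sample certificates (placeholder names, not real hosts).
GENUINE_CERT = {
    "issuer": ((("commonName", "Example Console Update CA"),),),
    "subjectAltName": (("DNS", "*.update.example-console.test"),),
}
LAB_SERVER_CERT = {            # self-signed cert on the redirected LAN box
    "issuer": ((("commonName", "lab-server.local"),),),
    "subjectAltName": (("DNS", "lab-server.local"),),
}
EXPECTED_HOST = "nus.update.example-console.test"   # placeholder host name


if __name__ == "__main__":
    # DNS may send the client to the lab box, but it still expects EXPECTED_HOST
    print(check_server_cert(GENUINE_CERT, EXPECTED_HOST))
    print(check_server_cert(LAB_SERVER_CERT, EXPECTED_HOST))
```

The second call fails before the name is even compared: the self-signed issuer is not in the trust store, which is exactly the obstacle the thread runs into.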
 
