Homebrew [Release] 3DS-SSL-Patch: Disable Root CA verification for SSL requests.

[SciresM]

Github repository is here.

Anyway, this is a patch to disable root CA verification for SSL requests...in other words, it makes it so that you can trivially man-in-the-middle any network request sent from your console.

This'll be really useful for devs, I imagine, since it means you can just fire up fiddler or whatever and start inspecting network traffic if you want to reverse engineer how a game's network protocols work.

As a test, I used it and successfully dumped every request in a complete login to eshop -> navigate to title -> buy title sequence, and got the plaintext requests where my console downloaded the ticket for the title I bought etc etc.

I'd caution that it's really only for devs, though...your 3DS's network requests are necessarily completely insecure when this is installed, so you'll want to turn it off or uninstall it except when doing reverse engineering work.

Still, I'm hoping this'll lead to a lot more documentation/reverse engineering of 3DS games's networking protocols.

 

[Dionicio3]

This is cool, good job!

 

[thisisallowed]

Nice. Hopefully this will lead to a 3rd party server before the shutdown of the official one in the early-mid 20s.

 

[proflayton123]

Very nice, good works for future server.

 

[Dionicio3]

Nice. Hopefully this will lead to a 3rd party server before the shutdown of the official one in the early-mid 20s.

I think the 3DS would last long since Nintendo is basically miking it at this point

 

[thisisallowed]

I think the 3DS would last long since Nintendo is basically miking it at this point

That's why I said early-mid 20s. 2026 is too short for you?

 

[Dionicio3]

That's why I said early-mid 20s. 2026 is too short for you?

Ah, nvm

 

[Deleted User]

i can't believe this.

This morning I woke up and wanted to experiment with this stuff, but had no where to start. Thank you!

 

[NexoCube]

omg omg omg, thanks you, a lot <3 That's what i was searching for, for years

 

[Deleted User]

could somebody upload the modified Luma? my devKitPro is acting up

 

[SciresM]

could somebody upload the modified Luma? my devKitPro is acting up

I would prefer if people didn't upload the modified luma...this is really, really unsafe for end users/non-devs to be using, so minimizing the risk by forcing the user to compile is good.

 

[Deleted User]

I would prefer if people didn't upload the modified luma...this is really, really unsafe for end users/non-devs to be using, so minimizing the risk by forcing the user to compile is good.

Fair enough.

I'll figure out my problems then. I was just being lazy like usual

 

[NexoCube]

I would prefer if people didn't upload the modified luma...this is really, really unsafe for end users/non-devs to be using, so minimizing the risk by forcing the user to compile is good.

Mhhmm, it's not working, when connecting to the Nintendo Network in MK7, the request sent and received are "TLS_RSA_AES_256_SHA" encrypted :/
I'm using Fiddler 4 (and a proxy to intercept network traffic)

 

[The Real Jdbye]

Looks like the official Luma repo has already been modified to have the required patch.

 

[SciresM]

Mhhmm, it's not working, when connecting to the Nintendo Network in MK7, the request sent and received are "TLS_RSA_AES_256_SHA" encrypted :/
I'm using Fiddler 4 (and a proxy to intercept network traffic)

I got the SSL module titleid wrong when I originally posted the repo...may wanna make sure you've got that right.

Also, you may need to be sending ClCertA as a client cert. Not 100% sure on that.

 

[Deleted User]

@SciresM I am trying to compile it but i keeps saying

make: armips: Command not found
make: *** [all] Error 127

 

[Ryccardo]

@SciresM I am trying to compile it but i keeps saying

make: armips: Command not found
make: *** [all] Error 127

Well, do you have armips in the path?
(on windows, c:\devkitpro\msys\usr\local\bin\)

 

[Deleted User]

Well, do you have armips in the path?
(on windows, c:\devkitpro\msys\usr\local\bin\)

yes

Edit: After deleting/copying it there again it works.

 

[Deleted User]

holy shit sciresm this is exactly what i was looking for. you are a god

 

[Ryccardo]

Thank you SciresM and PoryHack!

The instructions need a little interpretation (ie, the code.bin must be decompressed before patching), but I really appreciate this tool that gives you great power and great responsibility!