MITM Wii U SSL connections!

iAqua · Jul 18, 2017

oh my god I love you.

btw the only reason no one responded is because you said if they don't know what mitm is they shouldn't respond.

Deleted User · Jul 18, 2017

iAqua said:
oh my god I love you.

xox gossip girl

Elveman · Jul 18, 2017

So... can this be our first step to custom Wii U servers (like altwfc)?

BullyWiiPlaza · Jul 18, 2017

Elveman said:
So... can this be our first step to custom Wii U servers (like altwfc)?

Yeah

povlur. · Jul 18, 2017

holy shit im so happy

Deleted User · Jul 18, 2017

I'm going to guess MITM means Man in the Middle Attack?

Pretty cool. Life comes at you fast. This works on latest FW?

Deleted User · Jul 18, 2017

VinLark said:
I'm going to guess MITM means Man in the Middle Attack?

Pretty cool. Life comes at you fast. This works on latest FW?

Yes, Man In The Middle, that allows SSL interception.
It should work fine on latest FW, I've used it with 5.5.1 and the SSL module hasn't changed..

Deleted User · Jul 19, 2017

Very good stuff! Thanks for posting it, I'll for sure have some fun with this.

tunip3 · Jul 24, 2017

PokeAcer said:
Since I've been sitting on some of this for some time, I decided that it might be better if people who want to work more help with this.

If you don't know what MITMing is, please don't ask; this is for people who know what to do.
You can potentially brick with this if you mess up the SSL module - If you are enough of an idiot to do this, here is my guide to unbrick.

Requirements

Charles Proxy or some other proxy with SSL MITM support, aswell as client certificate support. (Fiddler would work however I've personally had issues with it)

WUPServer with sys perms (Mocha CFW works, CBHC doesn't if I recall correctly)

The Nintendo Wii U Client Certificate - this can be obtained via Arian Kordi's website at https://ariankordi.net/cert

Steps (These have been written for Charles Proxy, but should work with tweaks on other proxies)

Download the Client Certificate, and optionally install Nintendo's Server Certificates.

Open Charles Proxy, go to SSL Proxy; add *.nintendo.net port 443 to the domains to MITM.

Add Wii U's common cert for client for *.nintendo.net port 443

Enable HTTP proxy, but disable Browser and OS proxying

Go to SSL proxy; export as a BINARY CERTIFICATE.

Open WUPServer and run the command:

Code:

w.up("FILENAMEOFCERT.der", "/vol/storage_mlc01/sys/title/0005001b/10054000/content/scerts/CACERT_NINTENDO_CA_G3.der")

Reboot your Wii U (or just go to System Settings and back)

Connect your Wii U to the proxy, and test!

A few notes:

Regular SSL without the proxy will no longer work for anything that uses the certificate you replaced.

Not all services use that one SSL certificate and thus not all services will work; at a later date (or if someone informs me) I can add a list of what services use what CA.

which certificates is it

Deleted User · Jul 24, 2017

tunip3 said:
which certificates is it

Define "which certificate"? You replace the certificate Nintendo CA - G3. You need Cafe's Common Client Cert, which you can get from Arian's site.

tunip3 · Jul 24, 2017

PokeAcer said:
Define "which certificate"? You replace the certificate Nintendo CA - G3. You need Cafe's Common Client Cert, which you can get from Arian's site.

so wiiu common prod 1

Deleted User · Jul 24, 2017

tunip3 said:
so wiiu common prod 1

Yes.

Deleted member 355359 · Jul 25, 2017

Elveman said:
So... can this be our first step to custom Wii U servers (like altwfc)?

And the servers. Nintendo doesn't just have, like, 3 servers this time, and the account OAuth2 server is, well, OAuth2, but also way more complicated than anything Nintendo has done before (aside from e-commerce crypto maybe?) and also games will want their own servers, like Mario Kart TV stuff, and Splatoon wants to upload player + battle statistics after every match for SplatNet (by the way, more data than what EVEN SplatNet 2 shows is sent, so we could make a pretty sick SplatNet "Plus" server if we get to it).

But, we can try. I think we can do it, with the power of the homebrew community.

One of my ideas for integrating custom servers onto the Wii U is to either use a custom memory patcher that detects EVERYTHING and also patches EVERYTHING on the fly, OR to have a proxy that will use the custom servers for the system automatically only requiring the SSL setup of course, then we can make everyone use Let's Encrypt or something.
I don't know.

Anonymous42456 · Aug 19, 2017

I don't understand how to do this.

GRAnimated · Sep 10, 2017

Hey, so I followed the entire guide, but unfortunately I was unable to get it working (done on RedNAND). Whenever my Wii U uses an online service, proxy or no proxy connected, it errors.

iAqua · Sep 11, 2017

GRAnimated said:
Hey, so I followed the entire guide, but unfortunately I was unable to get it working (done on RedNAND). Whenever my Wii U uses an online service, proxy or no proxy connected, it errors.

Just noting that me and @GRAnimated did solve this problem, but here's some troubleshooting tips for anyone experiencing issues.

make sure you're exporting your certificate as a .der not a .cer
ensure all your urls are enabled for ssl proxying
also make sure you have the wii u client certificate in the ssl proxying settings too.

if anyone else is having problems with this you can contact me on discord at (aqua#6063)

ㅤ

Deleted User

Guest

Just passing by

Nintendo Hacking <3

Well-Known Member

Deleted User

Guest

Deleted User

Guest

Deleted User

Guest

[debugger active]

Deleted User

Guest

[debugger active]

Deleted User

Guest

Well-Known Member

Well-Known Member

Well-Known Member

ㅤ

Similar threads

Popular threads in this forum