Not a bad comeback
Since it is server side, there is no possibility of exploiting this outside of committing a criminal act to obtain what is needed, as has sometimes happened in the past where certificates have been stolen. But these are very serious criminal offenses and there is no recorded case of such a thing happening for such important things as a 3DS (mass market). Even if one succeeded, Nintendo would simply create a new certificate and revoke the old one and force this through when a person contacts the server, doing so would be trivial for nintendo and require no further code or expense beyond a small fee to the certificate holding companies.
There's a voice inside my head that tells me to pay you no mind, since this argument wont get anywhere.
But at the same time, I'm kind of enjoying this.
And "joy" was one thing that led me here in the first place, so what the heck, right?
First of all, I never said I wasn't a criminal and that I would not commit such an act.
You all simply would never know about it
Second of all, how can you say this when the Playstation Network was hacked, and so many other large corporations in the past?
If you had even the slightest idea about the "real" level of security in IT around the world, then you would not be saying this.
By me saying you are "ignorant", it is information that what you are doing is interesting but your thought that it could lead anywhere is simply impossible. By you calling me ignorant, it simply means that you are deflecting my post content as you interpret it as a hostile response instead of showing I'm wrong.
Although I don't know what information you are sitting on, I think I can say for sure that you don't know the inner workings of the Nintendo servers.
Saying that this is impossible, just shows how fast you give up.
And I'm not saying that I would be able to crack the secure ciphers that are used in this case, but there are other ways around it, plus the servers are load balanced, which might mean that one of the servers that the Mystery Gift domain resolves to, might support weak ciphers (although this seems unlikely given the fact that we have right now).
Also, all the facts that are known, are not in this thread, so bear that in mind.
What you will end up with at the end of this experience, is the realization that what you have in mind as a slim possibility is as possible as walking on water.
I almost wish I was religious so I could tell you "lol say that to Jesus", but I'm not ... so I wont
But I do think you are taking this a bit to the extreme here, and you are giving the makers of these technologies far too much credit for their work.
I research security on a daily basis both for work and as a hobby, and things get broken every day, although I don't believe the SSL technology used here will be cracked, I do see a possibility to go around this and poke around with the functions of the 3DS, that's what this forum is all about, is it not?
Anyway, I feel that you don't want to contribute to this project very much, and I see no more need to discuss this.
You wont change your opinion, fine, it matters not
I did enjoy writing this however.
PS: And about the "Nintendo would simply create a new certificate and revoke the old one and force this through when a person contacts the server".
This is very easy to prevent, and if such a hack would be created, the software could be modified to not contact that server, either internal modifications, or by simply not resolving the domain to that IP.
Thanks everyone for showing interest in this
I'm going to poke around a bit more with the servers and the certs, just to see if there's any way to get around it.
If not possible, then I will give up on not modifying the 3DS, and get a new one (since I don't want to modify the one I use for gaming), so that I can poke around a bit with it.
Cheers for now!
