Add custom root certs to the Wii U's browser

NOTE: I am not responsible if you brick.

Hi there. This tutorial will allow you to use custom SSL certs in the Wii U's browser. This will not need signature patches to run, but it does require them to make the modification.

This has been tested with a 5.5.1U system with Haxchi enabled.

  1. Activate CFW or signature patches using Mocha, Haxchi, or CHBC.
  2. Go into FTPii Everywhere.
  3. On an FTP client, navigate to /storage_mlc/sys/title/00050030/10012x0a/content/browser where x is 0 for Japan, 1 for America, and 2 for Europe.
  4. Download the file rootCA.pem.
  5. Open this file in a text editor.
  6. Find some root certificates (in PEM format) to add to the file. If they aren't in PEM format, convert them using OpenSSL. Personally, I would recommend adding Fiddler's root cert, and the DST Root CA X3 root cert (which will make Let's Encrypt sites, such as GBATemp, work with the Wii U). PEM certificates can also be obtained (in Windows) by exporting them from the "Copy to File" dialog which comes up when you view a certificate's properties.
  7. Append the desired certificates to rootCA.pem and save it.
  8. Upload it back to the Wii U.
  9. Test it by opening the browser, and visiting a site that uses your certificates. If it worked, you should not be prompted to manually allow SSL connections to hosts that use those certificates.
I hope you found this tutorial useful! Feel free to reply with any questions!
 
Last edited by aplumafreak500,

ShadowOne333

Sweet! But what can we do with this? :unsure:
Access certain websites which cannot be accessed through the normal Wii U's Browser due to new SSL certificates.
Some examples I can think of are Starmen.net's Forums and the other being Libretro.com and all of its related links, including the buildbot.

@aplumafreak500 do you happen to know what exactly I need to do to access those two sites specifically?
I've been wanting to do this for a long time, and now that it's possible I am greatly interested in re-enabling access to those two sites through my Wii U Browser.

Btw, I don't think posting links to the PEM files for the certificates is against the rules, so here:
https://github.com/kivy/kivy-sdk-packager/blob/master/win/DST Root CA X3.pem

That's the one for DST Root CA X3 certificate in PEM format, I am only lacking the Fiddler's one.
 
Last edited by ShadowOne333,

aplumafreak500

@ShadowOne333 Basically, append the desired PEM certificates to rootCA.pem as described above. Analysis of those two sites shows that they use a certificate chain with AddTrust External CA as its root. Idk if it's in the certificate store, but by following the steps above, they can be "trusted" by the Wii U browser.
 
  • Like
Reactions: ShadowOne333

ShadowOne333

aplumafreak500 said:
> @ShadowOne333 Basically, append the desired PEM certificates to rootCA.pem as described above. Analysis of those two sites shows that they use a certificate chain with AddTrust External CA as its root. Idk if it's in the certificate store, but by following the steps above, they can be "trusted" by the Wii U browser.

How do you check the sites for the certificate?
It's these two in particular:
https://forum.starmen.net/
https://libretro.com/

They both throw:
Error Code: 112-1035
Could not display page.

I talked to the main admins of both sites, and the error started occurring right when they updated their SSL certificates, as mentioned here:
https://forum.starmen.net/forum/Fan...Wii-U-but-I-can-access-just-fine-on-my-laptop

Btw do you have a link to Fiddler's root cert?
I'm missing that one out of the two you mention in the OP.
 
Last edited by ShadowOne333,
Deleted User

ShadowOne333 said:
> Btw do you have a link to Fiddler's root cert?
> I'm missing that one out of the two you mention in the OP.

StackOverflow said:
> If you want the client computer to trust the Fiddler certificate, you will have to copy or download the Fiddler Root certificate to the client computer and manually install it into the Trusted Root Certification Authorities store. You can download the Fiddler Root certificate by visiting using the URL:
>
> http://hostname.of.FiddlerMachine:8888/FiddlerRoot.cer
 

aplumafreak500


We're dealing with the Wii U's stores, not those of a PC. However, obtaining Fiddler's certificate is the same. We download the cert by going to http://10.0.0.20:8888/FiddlerRoot.cer (replace 10.0.0.20:8888 with the host name and port of your Fiddler machine). It's in DER format though so we have to make it PEM format before importing it.

As for the error code, I assume it isn't related to the certificates, and it is instead an unsupported TLS protocol. I'll try it tonight and report back.
 
  • Like
Reactions: ShadowOne333
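
Steps 6 and 7 of the tutorial and the note above that Fiddler's certificate is served in DER format, as an added example that is not part of the original posts: Python code that accepts DER or PEM input (including CRLF exports from Windows), skips certificates already in the store, and appends the rest to the text of rootCA.pem. The function names are made up for this example, it uses plain base64 re-encoding instead of the OpenSSL conversion the tutorial mentions, and it assumes rootCA.pem contains standard BEGIN/END CERTIFICATE blocks; it does not parse or validate the X.509 contents.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

def pem_blocks_to_der(text):
    """Return the DER bytes of every CERTIFICATE block in PEM text."""
    # split()/join drops CR, LF and indentation inside the base64 body
    return [base64.b64decode("".join(m.group(1).split()), validate=True)
            for m in PEM_BLOCK.finditer(text)]

def der_to_pem(der):
    """Encode DER bytes as one PEM block: 64-column lines, LF endings."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def load_certs(raw):
    """Accept PEM bytes (one or more blocks) or a single DER certificate."""
    if b"-----BEGIN CERTIFICATE-----" in raw:
        return pem_blocks_to_der(raw.decode("latin-1"))
    if raw[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
        return [raw]
    raise ValueError("input is neither PEM nor DER")

def append_roots(bundle, new_files):
    """Return (updated bundle text, number of certificates added)."""
    seen = {hashlib.sha256(d).digest() for d in pem_blocks_to_der(bundle)}
    # A bundle without a final newline would fuse END and BEGIN markers.
    out = bundle if bundle.endswith("\n") or not bundle else bundle + "\n"
    added = 0
    for raw in new_files:
        for der in load_certs(raw):
            digest = hashlib.sha256(der).digest()
            if digest in seen:
                continue  # already in the store, skip the duplicate
            seen.add(digest)
            out += der_to_pem(der)
            added += 1
    return out, added

if __name__ == "__main__":
    # Constructed placeholder bytes standing in for a DER file; not a real certificate.
    sample_bundle = der_to_pem(b"\x30\x03\x02\x01\x01").rstrip("\n")
    merged, count = append_roots(sample_bundle, [b"\x30\x03\x02\x01\x02"])
    print(count, merged, sep="\n")
```

Run it against the downloaded copy of rootCA.pem and keep the untouched original so it can be uploaded again if the browser rejects the new file.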

aplumafreak500

Sorry for double post. I found out that the server closes the connection due to an SSL handshake error, which occurs before the server even presents its certificate. It seems to be related to the cipher suite the browser presents, which seems to be incompatible with the remote server.

So, this means that this particular error is unrelated to the certificates.

TL;DR Ask the site's admins about changing its SSL cipher suite.
 
  • Like
Reactions: ShadowOne333

ShadowOne333

aplumafreak500 said:
> Sorry for double post. I found out that the server closes the connection due to an SSL handshake error, which occurs before the server even presents its certificate. It seems to be related to the cipher suite the browser presents, which seems to be incompatible with the remote server.
>
> So, this means that this particular error is unrelated to the certificates.
>
> TL;DR Ask the site's admins about changing its SSL cipher suite.

Thanks! That'll help to narrow it down for them :)
 

RedDucks

Well-Known Member
Newcomer
Joined
Apr 28, 2017
Messages
95
Trophies
0
Age
25
XP
719
Country
United States
Does this affect only the web browser or the system as a whole? Myself and a few other people are looking into making a custom SMM server, and have made a ROM mod that points to the custom server instead of the official ones. However, things break down during connection, and we assume this is due to a certificate trust issue (the server uses Let's Encrypt).
 

piratesephiroth

I wish I could read
Member
Joined
Sep 5, 2013
Messages
3,453
Trophies
2
Age
103
XP
3,233
Country
Brazil
RedDucks said:
> Does this affect only the web browser or the system as a whole? Myself and a few other people are looking into making a custom SMM server, and have made a ROM mod that points to the custom server instead of the official ones. However, things break down during connection, and we assume this is due to a certificate trust issue (the server uses Let's Encrypt).

we only edit the browser data so...
 

Johnny2071

Well-Known Member
Member
Joined
Jul 7, 2014
Messages
178
Trophies
0
Age
33
XP
486
Country
United States
I need a real tutorial.

I don't have the first clue as to how to use FTPii Everywhere or a file client (FileZilla).

FTPii Everywhere gives me an IP address, but I don't know what to do on FileZilla. It would really help if there was a "how to" video on this.
 
Last edited by Johnny2071,

AxlSt00pid

Well-Known Member
Member
Joined
May 31, 2016
Messages
1,926
Trophies
1
Age
24
XP
3,522
Country
Spain
Johnny2071 said:
> I need a real tutorial.
>
> I don't have the first clue as to how to use FTP_Everywhere or a file client (FileZilla).
>
> FTP_Everywhere gives me an IP address, but I don't know what to do on FileZilla. It would really help if there was a "how to" video on this.

R...really?
To connect with FileZilla you just need to put the IP address your Wii U is showing you (on your TV/Gamepad) on the IP address portion of FileZilla and click connect, since FTPiiU doesn't ask for a user and password.
 

Johnny2071

Well-Known Member
Member
Joined
Jul 7, 2014
Messages
178
Trophies
0
Age
33
XP
486
Country
United States
AxlSt00pid said:
> R...really?
> To connect with FileZilla you just need to put the IP address your Wii U is showing you (on your TV/Gamepad) on the IP address portion of FileZilla and click connect, since FTPiiU doesn't ask for a user and password.

IP address portion? That's "host" right?
 

AxlSt00pid

Well-Known Member
Member
Joined
May 31, 2016
Messages
1,926
Trophies
1
Age
24
XP
3,522
Country
Spain
Well I'm having trouble connecting.
Are both your Wii U and your PC connected on the same network?
Have you connected using the quick connect option?
Does your Wii U IP address have a number after a semicolon? If so you also have to put that number and the semicolon (Like 192.168.1.59:20)
 
