hacking into the eshop

Discussion in '3DS - Flashcards & Custom Firmwares' started by rondoh70, Sep 4, 2011.

  1. rondoh70 (OP)

    I hacked into the eShop using Fiddler 2 and would like to know what this code means:

    Major Version: 3
    Minor Version: 0
    SessionID: empty
    Random: 8C F9 66 C8 63 6B 15 EA 4C 56 56 D3 11 E2 C0 24 58 60 8A AE 88 CA 83 AB 6A 99 B9 57 71 1D 9A AA
    Cipher: 0x35
     


  2. indask8

    That means the FBI is on its way.
     
  3. rondoh70 (OP)

    Actually, I didn't hack the eShop; I just decrypted part of the webpage.
     
  4. loco365
    You know he's being sarcastic, right?

    It's interesting that you managed to decrypt something besides save files.
     
  5. rondoh70 (OP)

    I had it set up so it could decrypt any webpage.
     
  6. Supercool330
    That is probably a random key to be used in some sort of cryptographic handshake to generate a session ID and some sort of key-pair. For the record you didn't hack or decrypt anything. You captured and decoded, which is a good first step for beginners.
     
  7. linuxares

    What is that cipher 0x35? Is it just to use every hex and * 35?
     
  8. Supercool330
    That is probably a key to look up a cipher type in a table on the 3ds. None of this information is really useful without capturing the response of the 3DS and the remainder of the handshake, which could easily be done by setting up a box running WS or Fiddler as a bridge, connecting to the eShop through it and capturing all the traffic. However, unless Nintendo absolutely failed at their encryption and signing schema (wouldn't be the first time), even that wouldn't really be of any use.
     
  9. rondoh70 (OP)

    You are right, I did an HTTPS handshake. The bad thing is that NUS no longer lets me connect.
     
  10. StapleButter
    That is most likely data relating to the SSL connection. I highly doubt it has anything to do with the 3DS's keys.
     
  11. rondoh70 (OP)

    You are right, Mega Mario, but I'm wondering if this is possible.
     
  12. Supercool330
    Ya, these look like normal SSL 3.0 headers. All I'm saying is that if you could get past whatever weird custom SSL stuff they have set up, it wouldn't really be useful. Best case, you could view the contents of the store in a browser.
     
  13. rondoh70 (OP)

    What I was hoping to do is to set up a private server with the eShop in it and watch the interaction of files.
     
  14. rondoh70 (OP)

    Can someone tell me how to host the eShop using Abyss?
     
  15. Ron
    No one but Nintendo knows.
     
  16. bowser

    Yes, that's because Fiddler decrypts traffic for sniffing and then encrypts it back with its own self-signed certificate before passing on the data to you and the server. No server is going to accept this certificate, which is probably why you're not able to connect through NUS. NUS should let you connect again if you shut down Fiddler. And no client (read: your computer) is going to accept this certificate either, which is why you had to add Fiddler's certificate to your Windows certificate store when you clicked on the option to decrypt HTTPS traffic in Fiddler's settings. Or maybe you added it to your browser's certificate store. Either way, you have to configure the client to accept this fake certificate.

    At the most you'll be able to see the eShop traffic, but there's no way you're actually going to hack into it. Unless Nintendo really, really messed up somewhere.
     
  17. rondoh70 (OP)

    This is extremely unlikely, but what if they weren't expecting an attack on the eShop? If we were to crack the SSL certificate and then host it through a private server, we might be able to see how the titles are signed.
     
  18. StapleButter

    Keep dreaming, kid, keep dreaming... maybe someday your dreams will come true.

    Nintendo most likely signs titles _before_ uploading them to the server. They're doing their best to keep their private keys private (unlike Sony).
     
  19. rondoh70 (OP)

    OK, before I used a fake certificate and got
    and now I have:

    Major Version: 3
    Minor Version: 0
    Random: 4E 63 E9 83 96 0A 3B DD 51 67 28 59 76 BC 56 75 B7 D0 61 41 50 DB 4D CF 66 FD E6 17 A3 DB 55 BA
    SessionID: empty
    Ciphers:
    [00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    [0088] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    [0087] TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    [0039] TLS_DHE_RSA_WITH_AES_256_SHA
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0084] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    [0035] TLS_RSA_AES_256_SHA
    [0045] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    [0044] TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    [0066] TLS_DHE_DSS_WITH_RC4_128_SHA
    [0033] TLS_DHE_RSA_WITH_AES_128_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [0096] TLS_RSA_WITH_SEED_CBC_SHA
    [0041] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [002F] TLS_RSA_AES_128_SHA
    [0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [FEFF] SSL_RSA_FIPS_WITH_3DES_EDE_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
     
  20. rondoh70 (OP)

    OK, the only thing I understand about this is that it is either part of the SSL hash or the eShop hash.
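
What the two captures in posts 1 and 19 actually are, decoded field by field. This is an added example, not code from the thread or from Fiddler; the byte strings are constructed here from the values the posts print, laid out in the SSL 3.0/TLS Hello format. Fiddler's "Major Version 3 / Minor Version 0" is the version field (SSL 3.0), "Random" is the 32-byte client or server random, "SessionID: empty" is a zero-length session ID, and a list of "Ciphers" is the client's offer while a single "Cipher" is the server's choice. The 0x35 asked about in post 7 is the two-byte cipher suite identifier 0x0035, TLS_RSA_WITH_AES_256_CBC_SHA in the IANA registry (the thread's printout abbreviates it to TLS_RSA_AES_256_SHA); it is a registry constant, not a multiplier and not a key on the 3DS. The suite names below are the registry names; 0xFEFF is a legacy Netscape FIPS suite that was never registered. Reading post 1's capture as a ServerHello is an assumption based on its single Cipher line.

```python
"""Decode SSL/TLS ClientHello and ServerHello records of the kind Fiddler
summarised in the thread.  Added example; the byte strings are constructed
from the values printed in posts 1 and 19."""
import struct

RECORD_HANDSHAKE = 0x16            # content type of a handshake record
CLIENT_HELLO, SERVER_HELLO = 1, 2  # handshake message types
VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Suite identifiers from the thread, named per the IANA TLS Cipher Suites registry
# (the thread's printout abbreviates some). 0xFEFF is a legacy Netscape FIPS suite
# that was never registered with IANA.
CIPHER_SUITES = {
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x0087: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0045: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0044: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
    0x0066: "TLS_DHE_DSS_WITH_RC4_128_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0096: "TLS_RSA_WITH_SEED_CBC_SHA",
    0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0xFEFF: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Values copied from the thread: post 19's ClientHello offer and post 1's
# single-suite Hello (assumed here to be the ServerHello).
SSL3 = (3, 0)
CLIENT_RANDOM = bytes.fromhex("4E 63 E9 83 96 0A 3B DD 51 67 28 59 76 BC 56 75 "
                              "B7 D0 61 41 50 DB 4D CF 66 FD E6 17 A3 DB 55 BA")
CLIENT_OFFER = [0x00FF, 0x0088, 0x0087, 0x0039, 0x0038, 0x0084, 0x0035, 0x0045, 0x0044, 0x0066,
                0x0033, 0x0032, 0x0096, 0x0041, 0x0004, 0x0005, 0x002F, 0x0016, 0x0013, 0xFEFF, 0x000A]
SERVER_RANDOM = bytes.fromhex("8C F9 66 C8 63 6B 15 EA 4C 56 56 D3 11 E2 C0 24 "
                              "58 60 8A AE 88 CA 83 AB 6A 99 B9 57 71 1D 9A AA")
SERVER_CHOICE = 0x0035


def _record(msg_type, version, body):
    """Wrap a Hello body in the handshake header (1-byte type, 3-byte length)
    and the record header (content type, version, 2-byte length)."""
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def build_client_hello(version, random32, suites, session_id=b""):
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (bytes(version) + random32 + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                          # one compression method: null
    return _record(CLIENT_HELLO, version, body)


def build_server_hello(version, random32, suite, session_id=b""):
    body = (bytes(version) + random32 + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")    # chosen suite, null compression
    return _record(SERVER_HELLO, version, body)


def parse_hello(record):
    """Return the fields Fiddler prints: version, random, session ID and suite(s)."""
    if len(record) < 5 or record[0] != RECORD_HANDSHAKE:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    msg_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated handshake message")
    major, minor = body[0], body[1]
    sid_len = body[34]
    sid = body[35:35 + sid_len]
    pos = 35 + sid_len
    info = {
        "type": {CLIENT_HELLO: "ClientHello", SERVER_HELLO: "ServerHello"}.get(msg_type, "other"),
        "major": major, "minor": minor, "version": VERSION_NAMES.get((major, minor), "unknown"),
        "random": " ".join(f"{b:02X}" for b in body[2:34]),
        "session_id": sid.hex().upper() or "empty",
    }
    if msg_type == CLIENT_HELLO:                      # offer: 2-byte length, then 2-byte ids
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        ids = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos + 2, pos + 2 + n, 2)]
        info["ciphers"] = [(i, CIPHER_SUITES.get(i, "unknown")) for i in ids]
    elif msg_type == SERVER_HELLO:                    # choice: a single 2-byte id
        chosen = struct.unpack("!H", body[pos:pos + 2])[0]
        info["cipher"] = (chosen, CIPHER_SUITES.get(chosen, "unknown"))
    return info


def decode_thread_hellos():
    """Rebuild both captures from the thread's values and decode them."""
    client = parse_hello(build_client_hello(SSL3, CLIENT_RANDOM, CLIENT_OFFER))
    server = parse_hello(build_server_hello(SSL3, SERVER_RANDOM, SERVER_CHOICE))
    return client, server


if __name__ == "__main__":
    for hello in decode_thread_hellos():
        print(hello["type"], hello["version"], "session:", hello["session_id"])
        print("  random:", hello["random"])
        for suite in hello.get("ciphers", [hello.get("cipher")]):
            print(f"  [{suite[0]:04X}] {suite[1]}")
```

Nothing decoded here is secret: both randoms travel in the clear, and the suite identifier only says which key exchange, bulk cipher and MAC the server picked. For 0x0035 the premaster secret is RSA-encrypted to the server's certificate key and the session keys are derived from it plus the two randoms, so a capture of the Hello messages alone, as post 8 says, gives nothing that decrypts the eShop traffic; only a client that trusts Fiddler's certificate (post 16) lets Fiddler terminate the connection itself.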