hacking into the eshop

Discussion in '3DS - Flashcards & Custom Firmwares' started by rondoh70, Sep 4, 2011.

Sep 4, 2011

hacking into the eshop by rondoh70 at 4:47 PM (11,050 Views / 0 Likes) 23 replies

  1. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
I hacked into the eShop using Fiddler 2 and would like to know what this code means

    Major Version: 3
    Minor Version: 0
    SessionID: empty
    Random: 8C F9 66 C8 63 6B 15 EA 4C 56 56 D3 11 E2 C0 24 58 60 8A AE 88 CA 83 AB 6A 99 B9 57 71 1D 9A AA
    Cipher: 0x35
     


  2. indask8

    Member indask8 New Member Forever

    Joined:
    Apr 19, 2007
    Messages:
    987
    Location:
    Look at the Flag...
    Country:
    France
That means the FBI is on its way.
     
  3. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
Actually, I didn't hack the eShop, I just decrypted part of the webpage.
     
  4. loco365

    Member loco365 GBAtemp Guru

    Joined:
    Sep 1, 2010
    Messages:
    5,459
    You know he's being sarcastic, right?

    It's interesting that you managed to decrypt something besides save files.
     
  5. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
I had it set up so it could decrypt any webpage.
     
  6. Supercool330

    Member Supercool330 GBAtemp Advanced Fan

    Joined:
    Sep 28, 2008
    Messages:
    659
    Country:
    United States
    That is probably a random key to be used in some sort of cryptographic handshake to generate a session ID and some sort of key-pair. For the record you didn't hack or decrypt anything. You captured and decoded, which is a good first step for beginners.
     
    1 person likes this.
  7. linuxares

    Member linuxares GBAtemp Maniac

    Joined:
    Aug 5, 2007
    Messages:
    1,370
    Country:
    Sweden
What is that cipher 0x35? Is it just to use every HEX and * 35?
     
  8. Supercool330

    Member Supercool330 GBAtemp Advanced Fan

    Joined:
    Sep 28, 2008
    Messages:
    659
    Country:
    United States
That is probably a key to look up a cipher type in a table on the 3DS. None of this information is really useful without capturing the response of the 3DS and the remainder of the handshake, which could easily be done by setting up a box running WS or Fiddler as a bridge, connecting to the eShop through it and capturing all the traffic. However, unless Nintendo absolutely failed at their encryption and signing schema (wouldn't be the first time), even that wouldn't really be of any use.
     
  9. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
You are right, I did an HTTPS handshake. The bad thing is that NUS no longer lets me connect.
     
  10. StapleButter

    Member StapleButter 'New Member' registered since 2009. Fuck yea.

    Joined:
    Dec 5, 2009
    Messages:
    763
    Country:
    France
    That is most likely data relating to the SSL connection. I highly doubt it has anything to do with the 3DS's keys.
     
  11. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
You are right, Mega Mario, but I'm wondering if this is possible.
     
  12. Supercool330

    Member Supercool330 GBAtemp Advanced Fan

    Joined:
    Sep 28, 2008
    Messages:
    659
    Country:
    United States
    Ya, these look like normal SSL 3.0 headers. All I'm saying is that if you could get past whatever weird custom SSL stuff they have set up, it wouldn't really be useful. Best case, you could view the contents of the store in a browser.
     
  13. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
What I was hoping to do is to set up a private server with the eShop in it and watch the interaction of files.
     
  14. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
Can someone tell me how to host the eShop using Abyss?
     
  15. Ron

    Member Ron somehow a weeb now.

    Joined:
    Dec 10, 2009
    Messages:
    2,837
    Location:
    here
    Country:
    Canada
    No one but Nintendo knows.
     
  16. bowser

    Member bowser Mwa ha ha ha!

    Joined:
    Sep 1, 2008
    Messages:
    2,177
    Location:
    GBAtemp ↑↑↓↓← → ← →BA
    Country:
    India
Yes, that's because Fiddler decrypts traffic for sniffing and then encrypts it back with its own self-signed certificate before passing on the data to you and the server. No server is going to accept this certificate, which is probably why you're not able to connect through NUS. NUS should let you connect again if you shut down Fiddler. And no client (read: your computer) is going to accept this certificate either, which is why you had to add Fiddler's certificate to your Windows certificate store when you clicked on the option to decrypt HTTPS traffic in Fiddler's settings. Or maybe you added it to your browser's certificate store. Either way, you have to configure the client to accept this fake certificate.

At the most you'll be able to see the e-shop traffic, but there's no way you're actually going to hack into it. Unless Nintendo really, really messed up somewhere.
     
  17. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
This is extremely unlikely, but what if they weren't expecting an attack on the eShop? If we were to crack the SSL certificate, then host it through a private server, we might be able to see how the titles are signed.
     
  18. StapleButter

    Member StapleButter 'New Member' registered since 2009. Fuck yea.

    Joined:
    Dec 5, 2009
    Messages:
    763
    Country:
    France
    Keep dreaming, kid, keep dreaming... maybe someday your dreams will come true.

Nintendo most likely signs titles _before_ uploading them to the server. They're doing their best to keep their private keys private (unlike Sony).
     
  19. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
OK, before I used a fake certificate and got
and now I have

    Major Version: 3
    Minor Version: 0
    Random: 4E 63 E9 83 96 0A 3B DD 51 67 28 59 76 BC 56 75 B7 D0 61 41 50 DB 4D CF 66 FD E6 17 A3 DB 55 BA
    SessionID: empty
    Ciphers:
    [00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    [0088] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    [0087] TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    [0039] TLS_DHE_RSA_WITH_AES_256_SHA
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0084] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    [0035] TLS_RSA_AES_256_SHA
    [0045] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    [0044] TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    [0066] TLS_DHE_DSS_WITH_RC4_128_SHA
    [0033] TLS_DHE_RSA_WITH_AES_128_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [0096] TLS_RSA_WITH_SEED_CBC_SHA
    [0041] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [002F] TLS_RSA_AES_128_SHA
    [0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [FEFF] SSL_RSA_FIPS_WITH_3DES_EDE_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
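As an added illustration (not code from this thread, from Fiddler or from Nintendo), here is a small Python decoder for the two handshake messages quoted in the thread: the ServerHello in the first post (version 3.0, which is SSL 3.0; a 32-byte server random; an empty session ID; and the chosen suite ID 0x0035, which, as Supercool330 says in #8, is just an index into a table) and the ClientHello cipher list in this post. The random bytes are the ones the posts show; the message bodies are constructed inline rather than captured, the suite names come from the IANA cipher-suite registry (Fiddler prints shorter names for 0x0035 and 0x002F; 0xFEFF is the old Netscape FIPS suite), and the weak-suite markers are my own defender's list, not anything from the page.

```python
"""Decode the SSL/TLS handshake fields that Fiddler displays (added example).

Both handshake bodies are constructed inline from values quoted in the thread,
not captured traffic.  Field order follows RFC 5246 section 7.4.1; SSL 3.0 uses
the same layout.
"""
import struct

# (major, minor) handshake version -> protocol name
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Subset of the IANA cipher-suite registry: the IDs offered in this thread.
CIPHER_SUITES = {
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x0087: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0045: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0044: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
    0x0066: "TLS_DHE_DSS_WITH_RC4_128_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0096: "TLS_RSA_WITH_SEED_CBC_SHA",
    0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0xFEFF: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",  # pre-IANA Netscape FIPS suite
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Substrings that mark a suite a defender would refuse today (own list, assumption).
WEAK_MARKERS = ("RC4", "3DES", "MD5", "NULL", "EXPORT")


def build_server_hello(major, minor, random, session_id, cipher, compression=0):
    """Serialise a ServerHello body: version, random, session_id, suite, compression."""
    if len(random) != 32:
        raise ValueError("ServerHello random must be 32 bytes")
    return (bytes([major, minor]) + random + bytes([len(session_id)]) + session_id
            + struct.pack(">HB", cipher, compression))


def parse_server_hello(body):
    """Decode a ServerHello body into the fields Fiddler prints."""
    major, minor = body[0], body[1]
    rnd = body[2:34]                      # 32-byte server random
    sid_len = body[34]
    sid = body[35:35 + sid_len]           # empty when no resumption is offered
    off = 35 + sid_len
    cipher, compression = struct.unpack(">HB", body[off:off + 3])
    return {
        "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
        "random": rnd.hex(" ").upper(),
        "session_id": sid.hex() or "empty",
        "cipher_id": cipher,
        "cipher": CIPHER_SUITES.get(cipher, "unknown"),
        "compression": compression,
    }


def build_client_hello(major, minor, random, session_id, cipher_ids):
    """Serialise a ClientHello body offering cipher_ids (null compression only)."""
    suites = b"".join(struct.pack(">H", c) for c in cipher_ids)
    return (bytes([major, minor]) + random + bytes([len(session_id)]) + session_id
            + struct.pack(">H", len(suites)) + suites + b"\x01\x00")


def parse_client_hello(body):
    """Return the cipher-suite IDs the client offered, in preference order."""
    off = 34                              # skip version (2) and random (32)
    sid_len = body[off]
    off += 1 + sid_len
    suites_len = struct.unpack(">H", body[off:off + 2])[0]
    off += 2
    return [struct.unpack(">H", body[i:i + 2])[0] for i in range(off, off + suites_len, 2)]


def audit_cipher_suites(cipher_ids):
    """Return (id, name) for every offered suite that matches a weak marker."""
    weak = []
    for cid in cipher_ids:
        name = CIPHER_SUITES.get(cid, f"unknown 0x{cid:04X}")
        if any(m in name for m in WEAK_MARKERS):
            weak.append((cid, name))
    return weak


def server_choice_was_offered(client_body, server_body):
    """Consistency check: the suite the server picked must be in the client's list."""
    return parse_server_hello(server_body)["cipher_id"] in parse_client_hello(client_body)


# Constructed inputs: the randoms are the bytes the two posts show, the bodies are built here.
SERVER_RANDOM = bytes.fromhex("8CF966C8636B15EA4C5656D311E2C02458608AAE88CA83AB6A99B957711D9AAA")
CLIENT_RANDOM = bytes.fromhex("4E63E983960A3BDD5167285976BC5675B7D0614150DB4DCF66FDE617A3DB55BA")
OFFERED = [0x00FF, 0x0088, 0x0087, 0x0039, 0x0038, 0x0084, 0x0035, 0x0045, 0x0044, 0x0066,
           0x0033, 0x0032, 0x0096, 0x0041, 0x0004, 0x0005, 0x002F, 0x0016, 0x0013, 0xFEFF, 0x000A]
CLIENT_HELLO = build_client_hello(3, 0, CLIENT_RANDOM, b"", OFFERED)
SERVER_HELLO = build_server_hello(3, 0, SERVER_RANDOM, b"", 0x0035)

if __name__ == "__main__":
    for k, v in parse_server_hello(SERVER_HELLO).items():
        print(f"{k}: {v}")
    print("server picked an offered suite:", server_choice_was_offered(CLIENT_HELLO, SERVER_HELLO))
    for cid, name in audit_cipher_suites(parse_client_hello(CLIENT_HELLO)):
        print(f"weak suite offered: [{cid:04X}] {name}")
```

The "Random" field is the server's contribution to key derivation and is freshly generated for every connection, so capturing it reveals nothing about device or signing keys; the only actionable finding for a defender in this exchange is that the client still offers RC4, 3DES and MD5 suites, which `audit_cipher_suites` flags.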
     
  20. rondoh70
    OP

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
OK, the only thing I understand about this is that it is either part of the SSL hash or the eShop hash.
     
