Hacking into the eshop

Thread starter: rondoh70
Views: 13,806
Replies: 23

rondoh70 (Well-Known Member, joined Sep 1, 2011):
I hacked into the eshop using fiddler 2 and would like to know what this code means

Major Version: 3
Minor Version: 0
SessionID: empty
Random: 8C F9 66 C8 63 6B 15 EA 4C 56 56 D3 11 E2 C0 24 58 60 8A AE 88 CA 83 AB 6A 99 B9 57 71 1D 9A AA
Cipher: 0x35
 
rondoh70 said:
I hacked into the eshop using fiddler 2 and would like to know what this code means

Major Version: 3
Minor Version: 0
SessionID: empty
Random: 8C F9 66 C8 63 6B 15 EA 4C 56 56 D3 11 E2 C0 24 58 60 8A AE 88 CA 83 AB 6A 99 B9 57 71 1D 9A AA
Cipher: 0x35

That means the FBI is on its way.
 
rondoh70 said:
Actually, I didn't hack the eShop, I just decrypted part of the webpage.
You know he's being sarcastic, right?

It's interesting that you managed to decrypt something besides save files.
 
That is probably a random key to be used in some sort of cryptographic handshake to generate a session ID and some sort of key-pair. For the record you didn't hack or decrypt anything. You captured and decoded, which is a good first step for beginners.
 
What is that cipher 0x35? Is it just to use every HEX and * 35?
 
That is probably a key to look up a cipher type in a table on the 3ds. None of this information is really useful without capturing the response of the 3DS and the remainder of the handshake, which could easily be done by setting up a box running WS or Fiddler as a bridge, connecting to the eShop through it and capturing all the traffic. However, unless Nintendo absolutely failed at their encryption and signing schema (wouldn't be the first time), even that wouldn't really be of any use.
 
QUOTE said:
That is probably a random key to be used in some sort of cryptographic handshake to generate a session ID and some sort of key-pair. For the record you didn't hack or decrypt anything. You captured and decoded, which is a good first step for beginners.
You are right, I did an HTTPS handshake. The bad thing is that NUS no longer lets me connect.
 
You are right, mega mario, but I'm wondering if this is possible:
QUOTE said:
That is probably a key to look up a cipher type in a table on the 3ds. None of this information is really useful without capturing the response of the 3DS and the remainder of the handshake, which could easily be done by setting up a box running WS or Fiddler as a bridge, connecting to the eShop through it and capturing all the traffic. However, unless Nintendo absolutely failed at their encryption and signing schema (wouldn't be the first time), even that wouldn't really be of any use.
 
Ya, these look like normal SSL 3.0 headers. All I'm saying is that if you could get past whatever weird custom SSL stuff they have set up, it wouldn't really be useful. Best case, you could view the contents of the store in a browser.
 
What I was hoping to do is to set up a private server with the eShop on it and watch the interaction of files.
 
rondoh70 said:
QUOTE said:
That is probably a random key to be used in some sort of cryptographic handshake to generate a session ID and some sort of key-pair. For the record you didn't hack or decrypt anything. You captured and decoded, which is a good first step for beginners.
You are right, I did an HTTPS handshake. The bad thing is that NUS no longer lets me connect.
Yes, that's because Fiddler decrypts traffic for sniffing and then encrypts it back with its own self-signed certificate before passing on the data to you and the server. No server is going to accept this certificate, which is probably why you're not able to connect through NUS. NUS should let you connect again if you shut down Fiddler. And no client (read: your computer) is going to accept this certificate either, which is why you had to add Fiddler's certificate to your Windows certificate store when you clicked on the option to decrypt HTTPS traffic in Fiddler's settings. Or maybe you added it to your browser's certificate store. Either way, you have to configure the client to accept this fake certificate.

At the most you'll be able to see the eShop traffic, but there's no way you're actually going to hack into it. Unless Nintendo really, really messed up somewhere.
 
This is extremely unlikely, but what if they weren't expecting an attack on the eShop? If we were to crack the SSL certificate, then host it through a private server, we might be able to see how the titles are signed.
 
Keep dreaming, kid, keep dreaming... maybe someday your dreams will come true.

Nintendo most likely signs titles _before_ uploading them to the server. They're doing their best to keep their private keys private (unlike Sony).
 
OK, before I used a fake certificate and got
QUOTE said:
Major Version: 3
Minor Version: 0
SessionID: empty
Random: 8C F9 66 C8 63 6B 15 EA 4C 56 56 D3 11 E2 C0 24 58 60 8A AE 88 CA 83 AB 6A 99 B9 57 71 1D 9A AA
Cipher: 0x35
and now I have

Major Version: 3
Minor Version: 0
Random: 4E 63 E9 83 96 0A 3B DD 51 67 28 59 76 BC 56 75 B7 D0 61 41 50 DB 4D CF 66 FD E6 17 A3 DB 55 BA
SessionID: empty
Ciphers:
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
[0088] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
[0087] TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0084] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
[0035] TLS_RSA_AES_256_SHA
[0045] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
[0044] TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
[0066] TLS_DHE_DSS_WITH_RC4_128_SHA
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0096] TLS_RSA_WITH_SEED_CBC_SHA
[0041] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[0005] SSL_RSA_WITH_RC4_128_SHA
[002F] TLS_RSA_AES_128_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[FEFF] SSL_RSA_FIPS_WITH_3DES_EDE_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
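The two dumps in this thread are the two halves of the same handshake step: the first (one suite, "Cipher: 0x35") is the shape of a ServerHello, the second (a list of suites) is a ClientHello. "0x35" is the low byte of the two-byte suite identifier 0x0035, which is the table lookup mega mario describes; in the IANA TLS Cipher Suite registry that value is TLS_RSA_WITH_AES_256_CBC_SHA, which the dump labels TLS_RSA_AES_256_SHA. The block below is an added example, not code from this thread or from Fiddler: it constructs SSL 3.0 handshake records carrying the Random bytes quoted above, parses them back into the fields Fiddler prints (version, Random, SessionID, suites), names each suite from a constructed subset of the registry, and checks the rule a defender cares about here, that the server's chosen suite was actually in the client's offer.

```python
"""Decode SSL/TLS Hello messages into the fields Fiddler shows in the thread.

Added example, not code from the thread or from Fiddler. Layout per RFC 6101
(SSL 3.0) / RFC 5246 (TLS): 5-byte record header, 4-byte handshake header,
then the Hello body. All sample records below are constructed.
"""
import struct
from dataclasses import dataclass

HANDSHAKE = 0x16                       # record-layer content type
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02

VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Constructed subset of the IANA TLS Cipher Suite registry, covering suites from the
# thread's list; 0xFEFF is the legacy non-IANA FIPS suite that also appears there.
CIPHER_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0xFEFF: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
}

# The 32-byte Random values exactly as quoted in the two Fiddler dumps above.
SERVER_RANDOM = bytes.fromhex("8CF966C8636B15EA4C5656D311E2C02458608AAE88CA83AB6A99B957711D9AAA")
CLIENT_RANDOM = bytes.fromhex("4E63E983960A3BDD5167285976BC5675B7D0614150DB4DCF66FDE617A3DB55BA")


@dataclass
class Hello:
    kind: str
    major: int
    minor: int
    random_bytes: bytes
    session_id: bytes
    ciphers: list          # one entry for a ServerHello, the whole offer for a ClientHello

    def version_name(self):
        return VERSION_NAMES.get((self.major, self.minor), f"unknown {self.major}.{self.minor}")

    def cipher_names(self):
        return [CIPHER_SUITES.get(c, f"unknown 0x{c:04X}") for c in self.ciphers]


def _wrap(hs_type, major, minor, body):
    """Handshake header (type + 3-byte length) inside a record header (type, version, length)."""
    handshake = struct.pack("!B", hs_type) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, major, minor, len(handshake)) + handshake


def build_client_hello(major, minor, rand, ciphers, session_id=b""):
    body = struct.pack("!BB", major, minor) + rand
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                    # one compression method: null
    return _wrap(CLIENT_HELLO, major, minor, body)


def build_server_hello(major, minor, rand, cipher, session_id=b""):
    body = struct.pack("!BB", major, minor) + rand
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!HB", cipher, 0)  # the single chosen suite, null compression
    return _wrap(SERVER_HELLO, major, minor, body)


def parse_hello(record):
    """Parse one handshake record holding a ClientHello or ServerHello; reject truncated input."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or rec_len < 4:
        raise ValueError("truncated record")
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 35:   # version(2) + random(32) + session_id_len(1)
        raise ValueError("truncated or too-short hello body")
    major, minor, rand, sid_len = body[0], body[1], body[2:34], body[34]
    pos = 35
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    if hs_type == SERVER_HELLO:
        (cipher,) = struct.unpack("!H", body[pos:pos + 2])
        return Hello("ServerHello", major, minor, rand, session_id, [cipher])
    if hs_type == CLIENT_HELLO:
        (n,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        if n % 2 or pos + n > len(body):
            raise ValueError("bad cipher suite list length")
        ciphers = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]
        return Hello("ClientHello", major, minor, rand, session_id, ciphers)
    raise ValueError(f"unsupported handshake type {hs_type}")


def server_choice_was_offered(client, server):
    """A server may only select a suite the client offered; anything else is a protocol violation."""
    return server.ciphers[0] in client.ciphers


def demo():
    # Constructed offer: a subset of the 20 suites in the thread's ClientHello, same order.
    offered = [0x00FF, 0x0088, 0x0039, 0x0035, 0x0033, 0x0004, 0x0005, 0x002F, 0x0016, 0xFEFF, 0x000A]
    client = parse_hello(build_client_hello(3, 0, CLIENT_RANDOM, offered))
    server = parse_hello(build_server_hello(3, 0, SERVER_RANDOM, 0x0035))
    return client, server


if __name__ == "__main__":
    client, server = demo()
    for h in (client, server):
        print(h.kind, h.version_name(), "SessionID:", h.session_id.hex() or "empty")
        print("  Random:", " ".join(f"{b:02X}" for b in h.random_bytes))
        for name in h.cipher_names():
            print("  ", name)
    print("server choice was offered by client:", server_choice_was_offered(client, server))
```

Running it prints the same Major/Minor 3.0, 32-byte Random and empty SessionID as the dumps, with 0x0035 resolved to its registry name. The Random values are just nonces that feed the key derivation; on their own they do not let anyone recover keys or session data, which is the point the other posters make about the capture.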
 
