Tutorial MITM Wii U SSL connections!

  • Thread starter Deleted User
  • Start date
  • Views 9,986
  • Replies 16
  • Likes 10
D

Deleted User

Guest
OP
Since I've been sitting on some of this for some time, I decided that it might be better if people who want to work more help with this.

If you don't know what MITMing is, please don't ask; this is for people who know what to do.
You can potentially brick with this if you mess up the SSL module - If you are enough of an idiot to do this, here is my guide to unbrick.

Requirements
  • Charles Proxy or some other proxy with SSL MITM support, aswell as client certificate support. (Fiddler would work however I've personally had issues with it)
  • WUPServer with sys perms (Mocha CFW works, CBHC doesn't if I recall correctly)
  • The Nintendo Wii U Client Certificate - this can be obtained via Arian Kordi's website at https://ariankordi.net/cert
Steps (These have been written for Charles Proxy, but should work with tweaks on other proxies)
  1. Download the Client Certificate, and optionally install Nintendo's Server Certificates.
  2. Open Charles Proxy, go to SSL Proxy; add *.nintendo.net port 443 to the domains to MITM.
  3. Add Wii U's common cert for client for *.nintendo.net port 443
  4. Enable HTTP proxy, but disable Browser and OS proxying
  5. Go to SSL proxy; export as a BINARY CERTIFICATE.
  6. Open WUPServer and run the command:
    Code:
    w.up("FILENAMEOFCERT.der", "/vol/storage_mlc01/sys/title/0005001b/10054000/content/scerts/CACERT_NINTENDO_CA_G3.der")
  7. Reboot your Wii U (or just go to System Settings and back)
  8. Connect your Wii U to the proxy, and test!
A few notes:
  • Regular SSL without the proxy will no longer work for anything that uses the certificate you replaced.
  • Not all services use that one SSL certificate and thus not all services will work; at a later date (or if someone informs me) I can add a list of what services use what CA.
 
Last edited by ,
D

Deleted User

Guest
OP
I'm going to guess MITM means Man in the Middle Attack?

Pretty cool. Life comes at you fast. This works on latest FW?
Yes, Man In The Middle, that allows SSL interception.
It should work fine on latest FW, I've used it with 5.5.1 and the SSL module hasn't changed..
 

tunip3

[debugger active]
Banned
Joined
Oct 31, 2016
Messages
1,675
Trophies
0
XP
1,624
Country
United Kingdom
Since I've been sitting on some of this for some time, I decided that it might be better if people who want to work more help with this.

If you don't know what MITMing is, please don't ask; this is for people who know what to do.
You can potentially brick with this if you mess up the SSL module - If you are enough of an idiot to do this, here is my guide to unbrick.

Requirements
  • Charles Proxy or some other proxy with SSL MITM support, aswell as client certificate support. (Fiddler would work however I've personally had issues with it)
  • WUPServer with sys perms (Mocha CFW works, CBHC doesn't if I recall correctly)
  • The Nintendo Wii U Client Certificate - this can be obtained via Arian Kordi's website at https://ariankordi.net/cert
Steps (These have been written for Charles Proxy, but should work with tweaks on other proxies)
  1. Download the Client Certificate, and optionally install Nintendo's Server Certificates.
  2. Open Charles Proxy, go to SSL Proxy; add *.nintendo.net port 443 to the domains to MITM.
  3. Add Wii U's common cert for client for *.nintendo.net port 443
  4. Enable HTTP proxy, but disable Browser and OS proxying
  5. Go to SSL proxy; export as a BINARY CERTIFICATE.
  6. Open WUPServer and run the command:
    Code:
    w.up("FILENAMEOFCERT.der", "/vol/storage_mlc01/sys/title/0005001b/10054000/content/scerts/CACERT_NINTENDO_CA_G3.der")
  7. Reboot your Wii U (or just go to System Settings and back)
  8. Connect your Wii U to the proxy, and test!
A few notes:
  • Regular SSL without the proxy will no longer work for anything that uses the certificate you replaced.
  • Not all services use that one SSL certificate and thus not all services will work; at a later date (or if someone informs me) I can add a list of what services use what CA.
which certificates is it
 

ariankordi

Well-Known Member
Member
Joined
Oct 25, 2014
Messages
392
Trophies
0
XP
333
Country
Mongolia
So... can this be our first step to custom Wii U servers (like altwfc)?
And the servers. Nintendo doesn't just have, like, 3 servers this time, and the account OAuth2 server is, well, OAuth2, but also way more complicated than anything Nintendo has done before (aside from e-commerce crypto maybe?) and also games will want their own servers, like Mario Kart TV stuff, and Splatoon wants to upload player + battle statistics after every match for SplatNet (by the way, more data than what EVEN SplatNet 2 shows is sent, so we could make a pretty sick SplatNet "Plus" server if we get to it).

But, we can try. I think we can do it, with the power of the homebrew community.

One of my ideas for integrating custom servers onto the Wii U is to either use a custom memory patcher that detects EVERYTHING and also patches EVERYTHING on the fly, OR to have a proxy that will use the custom servers for the system automatically only requiring the SSL setup of course, then we can make everyone use Let's Encrypt or something.
I don't know.
 
  • Like
Reactions: Deleted User

GRAnimated

Well-Known Member
Newcomer
Joined
Jan 9, 2017
Messages
70
Trophies
0
Age
48
XP
453
Country
United States
Hey, so I followed the entire guide, but unfortunately I was unable to get it working (done on RedNAND). Whenever my Wii U uses an online service, proxy or no proxy connected, it errors.
 

iAqua

Member
Joined
Dec 7, 2015
Messages
2,848
Trophies
0
Location
XP
2,465
Country
United Kingdom
Hey, so I followed the entire guide, but unfortunately I was unable to get it working (done on RedNAND). Whenever my Wii U uses an online service, proxy or no proxy connected, it errors.
Just noting that me and @GRAnimated did solve this problem, but here's some troubleshooting tips for anyone experiencing issues.
  • make sure you're exporting your certificate as a .der not a .cer
  • ensure all your urls are enabled for ssl proxying
  • also make sure you have the wii u client certificate in the ssl proxying settings too.
if anyone else is having problems with this you can contact me on discord at (aqua#6063)
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    DEMONGreninjaPG @ DEMONGreninjaPG: :gun::gun::gun::gun::gun::gun::bortz::bortz: